Prominent in-house lawyers have warned Australian law firms that legal process outsourcing is no passing fad. Speaking at the Australian Corporate Lawyers Conference, Telstra general counsel Sue Laver said LPO in Australia is the “next wave” in legal services and as clients, Australian corporates needed to be actively encouraging firms to take action.

Malisons’ Stephen Jaques announced last month that it would be offering LPO to all clients where appropriate, following a trial run on a discovery project. According to Sue Laver, as a result of the quality of work and cost savings on the discovery project Telstra would now look to send more commercial work to the LPO. “We got better results than we would have if we had used paralegals in a law firm,” said Laver. “Cost is a factor, but quality is what really impressed us, there is more rigour in their processes.”

Some law firms have been reluctant to investigate working with LPOs according to AMP general counsel Brian Salter. “We have loads of rote work. We went to law firms and spoke to them about LPOs, we put it to them that we would all benefit from it, and they were reluctant,” he said.

Some firms and legal commentators have criticised the use of LPOs, claiming they cost local jobs. According to George Toussis, senior legal counsel Hewlett-Packard, when the company switched to using an LPO for repetitive legal work not one of its 600 lawyers globally were retrenched.

According to a paper by Deloitte LLP, titled “The Resurgence of Corporate Legal Process Outsourcing: Leveraging a new and improved legal support business model” [PDF], in an economy where controlling costs is paramount, LPO may seem an attractive option for reducing rising corporate legal costs. However, many executives have historically had concerns regarding LPO’s feasibility and effectiveness. The paper presents a view that the LPO marketplace has matured to the point where concerns about LPO can be put to rest.

The paper explores the evolution of LPO since its inception, describes a strategy for adopting an LPO business model, and summarizes key considerations in evaluating LPO options. Deloitte believes the time is ripe for companies to pursue the potential benefits of using LPO as part of a balanced insourced and outsourced legal support business model: cost savings, improved service levels, and a streamlined in-house legal capability focused on higher-value activities.

A service level agreement (SLA) is a critical part of any outsourcing contract. SLA defines the boundaries of outsourcing project in terms of the functions and services that the service provider will deliver and identifies the service standards that the service provider must meet. A well-drafted SLA accurately sets expectations for both parties and provides guidance for measuring performance to the defined targets.

Although there is no hard and fast rule governing how many measurements the parties should include in each SLA, it only makes sense to measure what matters to customer. Customer may tend to think that the more measurements the SLA contains, the more control it will have over service providers. This approach rarely works in practice. Customer should choose the measurements with information that can be simply analyzed, digested and used to manage the project.

SLA also needs to specify the consequences for failure to meet one or more of service levels. The consequences may include service level credit or termination right by customer. Service level credit often does not adequately compensate actual lost suffered by customer as a result of service provider’s failure to meet the service standards. If the outsourced function is business critical, it is important to identify additional consequences for failing to achieve the service standards, such as designating the critical functions as key service levels and identifying the termination triggers.

Each service measurement service provider is required to meet add additional cost which will be passed on to customer. While it may be nice to have system availability 100% on a 7/24 basis, it adds significant cost to guarantee 100% availability. Customer needs to understand what it needs, why it needs certain performance standards and weigh expectations and set reasonable and attainable performance standards. The goal is to achieve customer’s business objectives at a lesser cost while the service provider is motivated to meet the achievable performance standards.

In certain cases, SLA may also include bonus to be given to service provider for exceeding the performance standards. While some customers may be of the view that SLA sets out the minimum standards and they expect the service provider to exceed the service levels without special compensation, there are benefits to structure the SLA to provide real incentives for outstanding performance by the service provider. If the service provider can add significant value to customer’s business, customer should be willing to share the extra value gained. Outsourcing is a partnership arrangement in that the service provider delivers business critical services to customer to enable customer to execute on its business objectives. It is important to have a winning contract for everybody.

Market conditions, business requirements and technology improvements continue to occur during the term of an outsourcing contract. A SLA needs to be adaptable to emergence of new technology and improvements. There should be periodic review and adjustments to reflect the industry standards.

SLA plays a very important role to guide the service provider to understand customer’s business requirements and to monitor their performance. Designing a comprehensive, fair and effective SLA is a key to a successful outsourcing relationship.

As the global demand for lower cost and efficient legal services grows, we will see new innovations in the delivery of these services. Integreon, a global provider of outsourcing services recently announced the opening of its legal process outsourcing (LPO) onshore UK delivery centre.

The facility in Bristol will provide a full suite of LPO services, including document review, contract management, merger and acquisition (M&A) due diligence and compliance support.

This is an interesting turn of events in the LPO space. The whole premise of LPO services is the significant cost advantage of the service (amongst other benefits) over local comparable services. So how can there be such cost advantages if the services are being delivered in the UK?

According to Integreon, “As the delivery of legal services evolves, it’s clear that most law firms and corporate counsel require a mix of onshore and offshore support”. “Although cost is clearly a significant driver in determining the choice of location, there are many other forces at play, including ethical and legislative restrictions, complexity of the task at hand, familiarity with a client’s particular legal system, amount and type of communication required, project duration, client comfort with a location, time zone preference and language skills. Some outsourced services are best delivered from an onshore facility.”

The news of this onshore service comes alongside an official launch of Integreon’s paralegal service, which will see the outsourcer provide firms with temporary staff when extra capability is required.

Is this shift toward an onshore servicing model a sign that the market hasn’t fully accepted the traditional LPO model? If clients are looking for bottom line savings, I am not sure that these developments are a move in the right direction.

According to legal management consultancy Fronterion LLC, changes will sweep through the legal services outsourcing sector in 2012 as competition for potential clients heats up. Time will tell whether more LPOs will establish local servicing centres. If this happens, clients should expect that the rates for these services will go up (and will likely go up significantly).

Last June we read with interest Zack Whittaker’s article Microsoft admits Patriot Act can access EU- based cloud data . The article focuses on the effects of the USA Patriot Act on cloud computing. Interestingly, the article states an admission made by the managing director of Microsoft UK that cloud data, regardless of where it is in the world, is not protected against the USA Patriot Act. As the data processor for cloud computing services, Microsoft, a US based company, can be compelled to hand-over data to the US authorities without any kind of prior notice or consent (even where doing so may be in contravention of other local laws in non-US jurisdictions).

This raises an interesting issue in the context of outsourcing deals where IT Managers and CIOs are constantly under pressure to deliver scalable, cost effective, “built for the future” solutions, and public cloud computing is one such IT solution offering just those features.

In the case of public cloud computing, many have argued that all data and information is potentially at risk of being disclosed under the USA Patriot Act where the cloud computing processor is US-based. Business owners need to look past the ownership and control of the information, as well as the privacy protection covenants in the outsourcing agreement, and consider how and where the information is processed and stored, and by whom. The effect of the USA Patriot Act on an outsourced transaction involving Canadian business owners and US-based service providers is nothing new. However, what is at risk of being overlooked is the back-door opening to the USA Patriot Act where non-US-based service providers are using cloud computing offered through a US-based company as part of the deal. This is where privacy protection provisions may fall short, and although they will not be effective to stop a disclosure of information under the USA Patriot Act, they could at least address the issue of damages were that to occur.

So what does this mean for business owners and service providers? Based on our review of the literature, some recommend that:

• business owners must understand their legal obligations to protect personal information and how the legal exceptions might apply to their businesses (for example, an appropriate customer consent at the time that information is collected may or may not be required). The legal obligations vary by jurisdiction – in some cases it may be enough to take reasonable steps to protect the information, even though protection cannot be guaranteed;
• business owners should assess the personal information that they are collecting and determine if they collecting too much information, or even the right information, for their business purpose;
• business owners must understand what they are representing to their customers concerning any personal information collected and whether those representations are accurate or need changing;
• the parties should consider specific contractual terms designed to address privacy in the cloud computing environment, such as early warning where legally permitted – this may mean some customization of the cloud computing contract; and
• business owners should adopt policies and procedures for dealing with unauthorized disclosure of personal information, to the extent that the disclosure becomes known to them.

Recent research published by industry analyst Gartner shows that the business process outsourcing sector will expand by 5 per cent in 2012, with multinational companies leading the charge. Business process outsourcing is seen by many companies as a means of reducing costs. Companies have been engaging in outsourcing (both information technology and business process services) for many years. Use of foreign-based third party service providers is also not new. While many of the issues are not unique to offshore outsourcing engagements, offshoring highlights the importance of some of the challenges.

Companies have been outsourcing various types of business processes to offshore service providers, including employee benefit administration, payroll processing, customer support, insurance claim review, credit card processing, mortgage servicing, or tax return administration. Sometimes outsourcing arrangements involve disclosing large volumes of personal or sensitive information to service providers. There have been incidents where employees of offshore suppliers misused the personal or sensitive information entrusted to them as part of the outsourcing arrangement. While data privacy incident may occur anywhere, customers have less control when service providers are located in another country. Privacy and security requirements are key consideration in any offshore outsourcing arrangements. It is important for customers to include provisions that require service providers to implement and maintain security measures that are designed to safeguard customer information.

Offshore outsourcing also involves the risk of potential applicability of foreign jurisdictional law to the outsourced activities. A company located in Canada may decide to outsource its back office processing function to a service provider at an offshore location. The arrangement may involve sending personal information of Canadian customers to the service provider’s data centre in the United States. The data may be backed up in Europe and processed by the service provider in Asia. Since different countries have different approaches to privacy, the requirements of each jurisdiction must be considered. Companies that engage in offshore outsourcing should consider how foreign data privacy laws or regulatory requirements may interact with the domestic privacy laws and regulations and how any possible conflicts can be managed.

There are also country risks (social, economic and political instability) involved in doing business in certain countries. For example, escalation of the India/Pakistan conflict, potential terrorist attacks, civilian unrest, acts of war which could prevent the offshore service provider from delivering the services. If the outsourced function involves critical business operation, customer needs to develop plans to actively monitor the country risk, develop its own contingency or resource backup plan, and build in mechanism in the outsourcing contract to deal with the contingency plans and exit strategies. While service providers always have business continuity plan, customer needs to examine the plan to determine how it works with customer’s continuity planning and to assess the likelihood that the service provider will be able to implement its plan when required. For example, a contingency plan that moves workers from one region to another (or even from one country to another) may be difficult to implement. The contingency plan needs to be tailored according to the nature and criticality of the work being performed at the offshore location, the complexity of the work, and the onsite/offshore staffing ratio.

This column was prompted by an article in the Toronto Globe and Mail's Report on Business during that post-Christmas period of year-end retrospectives. In "Earthquake. Tsunami. Floods. Here is how a battered industry is getting back on its feet" (Globe and Mail, December 27, 2011), Greg Keenan analyzed how Japanese automakers were affected by recent natural disasters: last March's powerful earthquake and tsunami and the Thailand floods. The devastating impact was aggravated by problems with the automakers' suppliers: the automakers suffered severe parts shortages but were unable to adjust to these problems because of their inability to obtain critical information from the suppliers. Interestingly, in the longer term, the automakers have responded by: (i) developing a more extensive and intricate knowledge of their supply base, one that now extends down to third and fourth-tier suppliers; and (ii) requiring more flexibility from their suppliers, including that the suppliers retain more inventory on hand and have the capacity to shift production between factories.

The issues that confronted the automakers are potential problems for any business that outsources. Outsourcing customers should be thinking about the consequences of disasters, both those affecting themselves and those affecting their service providers, and including appropriate provisions in the outsourcing agreement to deal with these impacts. In this blog, I want to discuss some thoughts about these disaster recovery provisions.

1. Disaster Recovery Services are not "Included" Services

During one set of negotiations, just after the customer discovered that disaster recovery services were not automatically included as part of the base service offering, the customer's lawyer said, with some dismay, words to the effect that:

Your client has data centres all across North America and you have described to us your extraordinary depth of information technology experience. Surely, if a disaster were to occur, you have the expertise, ability and capacity to migrate our systems to one of these other sites.

Respectfully, in these circumstances, the customer's lawyer missed the point. Certainly, the service provider will have the expertise to respond. And, at the moment the disaster occurs, the service provider may indeed have personnel and infrastructure not otherwise occupied that are available to assist. But all that is serendipity which is not a very strong foundation for the customer's disaster recovery plans.

Nor can an obligation for the service provider to provide the expertise, ability and capacity to respond to a disaster be inferred because the outsourcing contract happens to contain a "sweeps" provision such as the following:

The Services shall be deemed to include all other services, duties, functions or responsibilities that, while not specifically described herein, are reasonably and directly required for the proper performance and provision of the Services.

Even if it were possible to make this argument, it would be defeated by the force majeure provisions of the outsourcing agreement that excuse a party's non-performance resulting from events beyond its reasonable control.

In thinking about disasters, the customer should document its requirements for disaster recovery services in the outsourcing agreement so that it has firm commitments to which it can hold the service provider accountable.

2. Disaster Recovery Planning vs. Business Continuity Planning

A disaster recovery plan is not the same thing as a business continuity plan. The disaster recovery plan is a tactical plan, describing the process by which a business recovers from the disruption of a disaster. A business continuity plan, on the other hand, is more comprehensive. It describes how a business can continue to operate, and to make money, not just in the event of a disaster, but also following smaller disruptions, e.g. the departure of key employees such as the CEO, problems with suppliers, fraud or criminal activity, negative publicity or cyber-attacks. One definition of a business continuity plan I have seen is:

"Business Continuity Plan" means a description of procedures, information and advance arrangements that will guide the timely recovery and ongoing provision of services, programs and operations within a predefined period of time, following the occurrence of an event, including a Disaster, that interrupts operations or disrupts the delivery of the Services and includes a disaster recovery plan which details the back-up and recovery procedures to be followed by the Service Provider, in the event of a Disaster, for systems supporting essential services.

The disaster recovery plan will be a component of the business continuity plan and needs to be developed as part of the business continuity planning process. But it is not the same thing as a business continuity plan.

This means it is inappropriate for a customer to transfer the responsibility for developing, maintaining or updating the customer's business continuity plan to its outsourcing service provider. That responsibility should remain with the customer: it is the customer who needs to determine the level of interruption the business can sustain, the amount the customer is willing to pay for business continuity services and the role of insurance. The service provider's responsibility, within this context and using its technical expertise, is to develop the disaster recovery plan in conjunction with the customer and to provide the disaster recovery services according to this plan.

Still, there is one sense in which business continuity plays into development of the disaster recovery plan. Consider the new attitude of the Japanese automakers to their suppliers: the automakers are demanding more information about their supplier base including about the suppliers of their suppliers. In the same vein, as part of a customer's disaster recovery planning, and given the material adverse impact that a disaster affecting the service provider can have on the customer, the customer should be seeking information about the service provider's business continuity plan and perhaps about the business continuity plans of the service provider's material subcontractors.

3. Disaster Recovery Statement of Work

Although international standards exist (e.g. ISO/IEC 24762:2008: Guidelines for information and communications technology disaster recovery services), there is no well-defined level of disaster recovery services that can be incorporated into an outsourcing agreement simply by referring to "industry-standard levels of service". Instead, each outsourcing agreement should provide for a detailed description of the disaster recovery services to be provided to the customer including the steps to be taken before, during and after a disaster. This detailed description of services is normally set out in a separate statement of work and becomes, in effect, the disaster recovery plan.

The disaster recovery services statement of work should, for example:

(a) deal with the transition of responsibility for disaster recovery services from the customer to the service provider following signing of the outsourcing agreement;

(b) establish recovery point and recovery time objectives for the respective services;

(c) set out the obligations of the service provider to retain redundant resources or, if redundant resources are not to be provided, the steps to be taken following the occurrence of a disaster to replace resources impacted by the disaster;

(d) describe the services to be provided in response to different types of disasters;

(e) document the responsibilities for declaring that a disaster has occurred and the process to be followed;

(f) specify how frequently and in what manner (paper test versus simulation) the disaster recovery plan is to be tested and any rights of the customer to participate in the testing or to review the test results;

(g) require the service provider to remedy any deficiencies identified in the testing within a specified period;

(h) require the disaster recovery plan to be updated on a periodic basis and, in any event, following implementation of any material change in the services; and

(i) require the service provider to provide, within a specified period of time after declaration of the disaster, a report detailing the root cause of the disaster, the steps taken by the service provider in response to the disaster and any recommendations the service provider may have with respect to improving the disaster recovery plan for the services;

4. Force Majeure

One final point. Most outsourcing agreements will include a provision excusing a party's non-performance where the non-performance is the result of a Force Majeure Event:

"Force Majeure Event" means an event which is beyond the applicable party's reasonable control, and that interferes with, delays or prevents performance of the obligations of such party, provided that the non-performing party is without fault in causing or failing to prevent such occurrence, and such occurrence cannot be circumvented through the use of reasonable alternative sources, workaround plans or other similar means

The definition of Force Majeure Event should be subject to the service's provider disaster recovery obligations: the service provider should not be excused from performance of the services following the occurrence of a disaster to the extent that the disaster is within the purview of the agreed to disaster recovery plan.

Twenty-five years ago, outsourcing contracts discussed disaster recovery in the same breath as back-up and archiving of data. The agreements included provisions describing the frequency with which customer systems, information and data were required to be backed up, the applicable retention periods and storage locations and, occasionally, the service provider's obligations to verify its ability to retrieve data from tape. The agreements did not usually say much more about the services to be provided in the event of a disaster. But times have changed. Outsourcing agreement will now set out expressly how the parties are to deal with disasters and other interruptions of service. It is important however for the customer and the service provider to take a thoughtful look at these provisions to ensure that the parties' obligations in the event a disaster occurs correspond with their expectations.

Fronterion, an international management consultancy which focuses exclusively on advising law firms and corporations on outsourced legal services recently published a report on the Top Ten Trends for Legal Outsourcing in 2012.

The Top Ten Trends for LPO in 2012 are:

1. Profitability Squeeze for LPO

The shrinking gap between wages in the developing and developed countries will squeeze margins for LPO vendors in 2012.

2. Growth Beyond Litigation Support

Large‐scale litigation was one of the first outsourced legal services to gain widespread adoption and remains by far (particularly in the US) the most popular. In 2012, LPO vendors more than ever, will seek to diversify service lines – from contract management to due diligence on M&A transactions – as legal professionals become more comfortable with LPO collaboration both on and offshore.

3. Technology and LPO Combine

In 2012, technology platforms will be increasingly bundled together with traditional LPO offerings, combing two of the most important trends shaping the legal profession. This means using software systems as well as low‐cost human labour to provide cheaper and more efficient legal services. Advances in technology will expand the scope of LPO offerings. In the long term, certain manual LPO services may become superfluous. Bundling LPO services with technology offerings will be an essential differentiator for outsourcers in 2012.

4. Adoption of LPO Techniques

The adoption of LPO techniques in 2012 is a serious endorsement of the LPO approach and will shape the practice of law. In 2012, Fronterion projects a definitive shift as law firms and legal professionals act more like LPO vendors. That means replicating the LPO approach of process, reporting and project management. Compared to the traditional practice of law, LPO techniques deliver more scalable and transparent services through better management and consistent quality. This trend has already started in 2011.

5. Law Firm Insurers Target LPO 

As outsourcing becomes more common, LPO services may create new risks for legal professionals that will be addressed by law firm insurers in the coming year.

6. Changes in the Executive Ranks

The skill set required for leading an LPO in this evolving industry, along with growing pressure on existing management to produce results, will likely result in management changes in certain LPO vendors in 2012.

7. LPO Faces Formidable Competition

As clients increasingly expect value based options in 2012, law firms will be forced to use LPOs and will likely include LPOs in RFP responses. However, LPOs may face intense competition from mainstream legal vendors such as staffing firms, discovery vendors, and law firms with specialized delivery centers.

8. Winner take all Mentality

In 2012, the LPO industry will continue to be dominated by a few key players. It is not expected that there will be a radical change in the LPO industry in the coming year.

9. Changing Professional Guidelines

US and UK law firms are evolving toward greater openness to alternative legal service delivery and LPO‐inspired approaches – driven by technology and a fundamentally changing legal profession. Next year U.S. and U.K. professional and regulatory bodies are due to publish the results of studies on the impact of outsourcing. Regulators have been slow to offer guidance to legal professionals wrestling with the changes in the legal profession. LPO will increasingly be under a spotlight in 2012.

10. Evolution of the Law Firm Client Relationship

In 2012, in‐house legal departments will increasingly contract directly with LPOs. Some corporate in‐house lawyers will actually prefer to tap the expertise of LPO providers directly. For example, due to the LPOs’ focus and service volumes, they have increasingly demonstrated superior expertise compared to their law firm counterparts for certain tasks, such as searching documents for key words and phrases. These developments will continue to create fundamental questions around the role of the law firm.

Third party assurance reports have become an integral part of outsourcing transactions: they represent an auditor's report on the controls in place at a service provider that impact a customer's financial reporting. In this posting, I want to look at the new Canadian standard, CSAE 3416. Before doing so however, I want to consider third party assurance reporting in more detail.

Third Party Assurance Reporting

Third party assurance reports relate to the control objectives and controls established by a service provider, i.e. it is the service provider that is responsible for the control objectives relating to its business, the specific controls that are implemented and for the completeness, accuracy and presentation of its policies and procedures. In the third party assurance report, an auditor retained by the service provider audits the controls and expresses an opinion about the controls based on the results of its audit.

For example, a service provider may establish control objectives in respect of its business that relate to its procedures to ensure the confidentiality of information, the effectiveness of its change control procedures or its facilities being protected against unauthorized access. The service provider will also establish, for each of these control objectives, a series of controls that are designed to achieve the objective. For the control objective, the service provider's controls provide reasonable assurance that its facilities are protected against unauthorized access, the service provider's controls in support of this objective might well include the following:

1. the service provider's resources are subject to site access controls in the service provider's data centres;
2. the service provider's data centres are protected by a video surveillance system; and
3. the security and guard services at the service provider's data centres follow physical security procedures.

In preparing the third party assurance report, the auditor retained by the service provider will audit the controls in place at the service provider to obtain reasonable assurance about whether: (1) the description of the controls presents fairly, in all material respects, the aspects of the service provider's controls that may be relevant to a customer's internal control as it relates to an audit of the customer's financial statements; (2) the controls included in the description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily; and (3) the controls were in operation at a specified date.

Since 2006, in Canada, the standard to be applied by auditors in performing third party assurance reports has been the Canadian Institute of Chartered Accountants, Section 5970, Auditor's Report on Controls at a Service Organization, commonly referred to as a Section 5970 Audit or a Section 5970 Report. But that is now changing. The Canadian Auditing and Assurance Standards Board, the body responsible for developing and establishing standards and guidance governing auditing and assurance in Canada, has issued a new standard, Canadian Standard on Assurance Engagements, Reporting on Controls at a Service Organization ("CSAE 3416") that will become the standard for third party assurance reports issued for periods ending after December 15, 2011 (although earlier implementation is permitted).

ISAE 3402

The new Canadian standard was a response to developments internationally and in the United States. For many years, in the absence of an international standard for assurance engagements, service providers were forced to offer international customers reports done according to the U.S. standard or to undertake multiple audits according to varying local standards. To deal with this and other issues affecting third party assurance reporting, the International Auditing and Assurance Standards Board ("IAASB") developed and issued an international standard, International Standard on Assurance Engagements 3402, Assurance Reports on Controls at a Service Organization (ISAE 3402). The standard was published in December 2009, to be effective for periods ending after June 15, 2011 (earlier implementation was permitted). It was not the intention of the IAASB to replace national standards for assurance engagements. Instead, it wanted to provide service providers with an alternative to issuing multiple reports under varying local standards.

SSAE 16

The American standard, Statement on Auditing Standards No. 70, or SAS 70, had been issued by the American Institute of Certified Public Accountants ("AICPA") in 1992. In the intervening years, it had arguably become the gold standard for audits of internal controls at a service provider. As the IAASB was developing the new international standard however, the United States was reviewing its standards with a view to bringing them in line with the international ones. The Auditing Standards Board of the AICPA also used the review as an opportunity to re-consider service provider audits and whether the standards that applied should be considered "audit standards" as opposed to "attestation standards" (Statement on Auditing Standards (SAS) versus Statement on Standards for Attestation Engagements (SSAE)). In April, 2010 the Auditing Standards Board issued Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Services Organization (SSAE 16). As with the international standard, SSAE 16 was effective for periods ending on or after June 15, 2011 with earlier implementation being permitted.

CSAE 3416

In the "Basis for Conclusions" document prepared by staff of the Auditing and Assurance Standards Board relating to CSAE 3416 (available at http://www.aasbcanada.ca/basis-for-conclusions/item40880.pdf), the AASB's objectives in developing CSAE 3416 were identified:

The AASB's objective was to develop a Canadian Standard on Assurance Engagements equivalent to SSAE 16, making only minimal amendments to the wording of the SSAE to:

(a) avoid any inconsistency with Other Canadian Standards; or

(b) address circumstances particular to the Canadian environment where amendments are required to serve the Canadian public interest and maintain the quality of auditing and reporting in Canada.

Since SSAE 16 was developed on the basis of ISAE 3402 but amended to respond to U.S. requirements, in aligning the new Canadian standard with the U.S. standard, the Canadian standard would also be aligned with the international standard. Although the Basis for Conclusions document identified three areas where amendments were made to SSAE 16 in finalizing the Canadian standard, e.g. in respect of cross-references to auditing standards, it concluded that CSAE 3416 was aligned with the U.S. standard in all material respects.

CSAE 3416 does not represent a radical overhaul of the standards for third party attestation engagements. In many ways, the new standard is similar to CICA, Section 5970, for example:

• The scope of the attestation engagements under CSAE 3416 continues to be focussed on controls likely to be relevant to customers' internal controls over financial reporting;
• Two types of reports may be issued: a Type 1 report attesting to the fair presentation and design of the service provider's controls and a Type 2 report attesting to the fair presentation, design and operating effectiveness of the controls; and
• Use of the report is limited to management of the service provider, existing customers and their auditors. The CSAE 3416 report is not intended to be used by service providers in marketing their services to potential customers.

There are differences however that will impact service providers. These differences include:

• Management of the service provider is now required to provide a written assertion about the service provider's controls. This requires management to state, in the case of a Type 1 report, that the controls are fairly presented and suitably designed and in the case of a Type 2 report, that the controls are fairly presented, suitably designed and operating effectively to achieve the identified control objectives. It is not intended however, that the auditor report on the written assertion provided by service provider's management.

• If the auditor relies on the work of the service provider's internal audit in the engagement, this fact needs to be disclosed in the report.

Neither the similarities between CICA, Section 5970 and CSAE 3416 nor the differences between the standards that are identified above are intended to be comprehensive. However, as December 15, 2011 approaches, there has been an outpouring of information about CSAE 3416. It is important for outsourcing counsel to spend the time reviewing the material and getting an understanding of the new standard, if only to be able to appreciate the benefits and the limitations of third party assurance reports prepared in accordance with the new standard.

‘Tis the season! For the holidays, et cetera, but more particularly for CLEs which meet the Law Society for Upper Canada’s new requirements for professionalism and ethics. Every lawyer called to the bar in Ontario must complete three hours of continuing legal education approved by LSUC that is directed to instructing on professionalism and ethics. In the mad rush to meet the year-end deadline, CLEs are popping up all over the place directed to this topic.

IT Professionalism and Ethics CLEs: An Introduction

For outsourcing and information technology lawyers, it was a challenge earlier this year to find relevant seminars. There were many generic seminars on practice management and the like that could appeal to an information technology lawyer in a general sense, but very few seminars that addressed issues specific to the practice of information technology or outsourcing law.

I suspect that there are several good reasons for this. IT lawyers are rarely in court, so the ubiquitous litigation-related professionalism courses are only tangentially relevant. (IT companies rarely air their dirty laundry, preferring in the worst cases confidential arbitration instead.) IT lawyers spend most of their time either drafting contracts or negotiating them between reasonably well-funded and well-represented parties, which can make for boring ethical fodder.

Recently, however, there have been a number of seminars that were of particular relevance to IT lawyers in Ontario. The Ontario Bar Association and LSUC put on a couple of seminars in the fall, for example. Our colleagues across the country may find these seminars of interest even if they do not have these particular CLE requirements to contend with. A number of these seminars addressed ethical and professionalism issues arising in contract negotiation.

This topic is near and dear to my heart. I spoke on it at a recent session to the Licensing Executive Society. With that engaged audience, we ran over time by almost half an hour, and had to cut the session short, because there was such excellent discussion to be had. So much for it being boring ethical fodder, I discovered.

In this column, and in at least one more upcoming column, I will present one or a number of scenarios in which ethical or professionalism concerns arise in the context of IT transactions. Some of these scenarios could be generalized to any commercial transaction, and others have a particular IT twist.

Errors in IT Negotiations

The first scenario I would like to discuss is whether it is ethical or professional to take advantage of errors of opposing counsel or their client in the context of an otherwise balanced IT negotiation.

Most if not all professionalism codes will expressly forbid “sharp practice”, which, in the little case-law in Canada that describes it, includes taking advantage of a “clear oversight” by an opponent in a proceeding. (Construction Workers Local 53 v. Fahringer Mechanical Contractors Limited (2001), CanLII 3504 (ON L.R.B.)). LSUC’s Rules of Professional Conduct instruct a lawyer to “avoid” sharp practice, and particular forbid lawyers from taking advantage of mistakes of other legal practitioners where such errors do not go to the “merits”. In a negotiation, this is a thin line. There are few procedural errors a lawyer could make in a negotiation, and most errors would go to the merits or otherwise affect their client’s rights.

There are several general categories of obvious errors that occur in an IT negotiation.

Metadata

One of the most common obvious errors is a failure to cleanse a document of metadata. Metadata, such as the author of a document, when it was created and edited, and, in a document with tracked changes, who made which changes at what times, can provide a wealth of negotiating information to an opposing party. For example, it can help an opposing party identify who the decision-makers are and call out internal disagreements within an opposing party. For this reason, it is common practice to scrub documents intended for the other party of all metadata.

Once in receipt of a document containing metadata from the other party, is it unethical or unprofessional to take advantage of the error and review the metadata? I think so, but there were mixed opinions at some of the seminars I attended which addressed the topic. I believe that it falls within the LSUC prohibition, since metadata cannot be said to go to the “merits” of a point under negotiation. As a practical matter, I know it is possible to manipulate metadata, so would not be inclined to rely upon it anyway.

Internal Correspondence

Another common but obvious error is the inadvertent inclusion of internal emails in an email reply. In the heat of a busy negotiation, the parties will be exchanging many emails. These emails are often forwarded internally within each party, and may be commented on. Strategies and potential responses may be discussed before a response is formulated and returned. It is at best embarrassing and potentially quite damaging when this internal discussion is forwarded to the other party in a negotiation.

Once having received a document that contains such information, I feel that I am ethically obliged to limit its distribution. I may or may not have contractual obligations to keep the negotiations confidential. But, in any event, the error cannot be exploited, so limiting its dissemination will reduce the temptation to do so by my client.

Practical considerations may prevail anyway. It can be counterproductive to raise the error, or to use the information provided by it, in negotiation. Although it is nearly impossible to stuff the genie back in the bottle, if the party that made this error is reminded of it subsequently at the negotiation table, it is likely to embarrass or upset them further, and put distance between the parties. Conversely, an error professionally handled can engender respect between the parties, and, ultimately, a measure of trust that will be essential to close the transaction.

Technological Errors

A third kind of error is what I call a “technological error”. It is an error in the specification of the technology being contracted for under the agreement. This kind of error is often only obvious to one of the two parties. The party with the greater technological expertise may spot that the other party has made incorrect assumptions or selected technology that would not work as intended. If this error is made by the customer, the service provider has a strong business interest to stay silent. Once the error is discovered, often after the contract is signed, the service provider is in a much stronger negotiating position, and can use the error to force other changes in the agreement, including increased fees.

If I was acting for the service provider, and my client informed me that the customer had made such errors in their specifications, I could be in a difficult position. This is not an error of opposing counsel, but instead is an error of their client, so the professionalism rules do not apply. If there were a great inequality in bargaining power, case law relating to such negotiations in non-technical fields (such as employment or franchise law – see Shelanu Inc. v. Print Three Franchising Corp. 2003 CanLII 52151 (ON CA), (2003), 64 O.R. (3d) 533, and the cases cited therein) have imposed a duty to negotiate in good faith, which, if it applied in an IT transaction, could oblige a party to point out an error like this. However, in a negotiation involving sophisticated and well represented parties, I would not have trouble staying silent with respect to this error, since the parties are well equipped to spot their own errors.

Rule of Thumb

There are, of course, many other types of errors that can arise in an IT negotiation. To evaluate each, counsel should consider whether the professionalism rules of their jurisdiction apply, whether a duty to negotiate in good faith applies, and whether, as a practical matter, the damage to the relationship between the parties is worth the gain to be had by exploiting the error.

The IT bar in Canada is an intimate one, and word gets around. To keep your clients and preserve your reputation, ultimately, the soundest course is to follow the golden rule, and treat others as you hope to be treated (and make sure your insurance is up to date).

Exit provisions are one of the most important contractual protections for a customer in an outsourcing relationship. The provisions provide the framework to allow a customer to continue its business during transition and provide leverage for the customer in renegotiating the contractual terms. It is important to carefully draft the exit provisions because they will be used when the relationship between customer and service provider is not at its best.

A well-drafted outsourcing contract enables either party to terminate the arrangement prior to the agreed-to end date in a fair and reasonable manner. This is not to say that the termination provisions should be mutual between the customer and the service provider because the risk two parties undertake in an outsourcing arrangement is very different. If an outsourcing contract is terminated, the service provider will lose revenue. On the other hand, the risk for the customer is substantially higher if an outsourcing contract is terminated. For example, the customer losing services for its call centre or IT infrastructure management or its business process (such as reconciliation or payment processing) translates into losing operational time, revenue and reputation. The difference in risk between customer and service provider means that the two parties need to have different termination right in an outsourcing contract.

One of the termination rights in an outsourcing contract is termination for material breach. While some may argue that such termination right should be reciprocal such that if there are material breaches by one party, the other party should be able to terminate. There are certain circumstances where a service provider should be able to terminate for breach by a customer but such termination right should be restricted to very few cases. For example, if there is a sustained failure by the customer to pay undisputed amounts or if there is an infringement on the intellectual property rights of the service provider by the customer. Some may argue that the service provider should also be allowed to terminate in the situation where the customer has failed to perform its obligation which hinders the service provider’s ability to perform its contractual obligations. This type of breach by a customer can usually be remedied by monetary damages and termination is not an appropriate remedy.

The other termination right is termination for convenience or termination without cause. This termination right is usually exercised when a party decides that the outsourcing arrangement no longer aligns with its business direction. Transitioning from a service provider involves considerable cost, risk and disruption to customer. Giving a service provider the right to terminate for convenience means the customer may be forced to migrate to another service provider at a time dictated by the service provider. This is highly disruptive for a customer. This will also force the customer to incur transition cost that it is not budgeted for.

Some service providers still argue the necessity of having a reciprocal termination for convenience provision on the ground that the outsourcing relationship may not work as planned and the service provider should be allowed to exit. It is for this reason that the customer should resist the reciprocity of this provision. If it turns out that the outsourcing contract is not as profitable as the service provider has originally anticipated, this termination right provides the service provider significant leverage in renegotiate the terms (including pricing) and the service provider will be able to extort higher pricing from the customer simply because the customer heavily relies on the service provider to keep its operation running. Unless the customer misled the service provider in the due diligence phase, it is the responsibility of the service provider in conducting proper due diligence and preparing an accurate cost model. The risk of not performing proper due diligence or preparing an accurate cost model should not be shifted to the customer through the leverage the service provider may have in threatening to terminate the outsourcing contract for convenience.

Professor Mari Sako, a fellow of the Novak Druce Centre for Professional Service Firms at the University of Oxford’s Saïd Business School published a very interesting paper titled General Counsel With Power? From May 2010 to January 2011, Sako interviewed 52 GCs in the US and UK with the aim of analyzing what is happening in the in­house legal departments of major corporations and financial institutions. Interviews explored various areas including the changing relationships with law firms; the extent to which work has become disaggregated; and how multi-sourcing (i.e. the use of multiple sources of legal service delivery, including outsourcing and offshoring) decisions are made.

Two agents of change, according to Sako, are transforming legal practice. These agents of change are in-house legal functions and new entrants in the global legal services market (including legal process outsourcing providers).

It should come as no surprise that in-house legal functions are transforming legal practice and in particular the nature of the relationship between corporations and law firms. The 2008 financial crisis seems to have intensified the drive for optimization of legal resources (internally and externally), cost effectiveness and efficiency. If the state of the current global economy is anything to go by, this trend is going to continue. ‘In one case,’ wrote Sako, ‘the GC of a divisionalised company stated, “Our legal department is a planned economy”, and pointed to a performance “dashboard” that the legal department at each operating business unit was required to submit on a monthly basis. At another company, the GC introduced a central approval system for legal fees above a certain sum. This led in-house lawyers to think twice about the necessity of putting work out to external lawyers.’

The work of lawyers today may be on the verge of transformation due to technology, globalization and new entrants. Cost pressures have led many GCs to consider (and implement) a production-line approach – involving disaggregation of work, standardization, process management and project management. Although some GCs have not adopted this approach, other GCs have taken the lead and have made significant efficiency gains.

Once legal work has been disaggregated, the in-house legal department must consider efficient ways of servicing each task. Historically, law firms have been the primary means of servicing an in-house legal department’s work. Corporations today have more options and in the last several years, the number of possible sources of legal service has expanded – ranging from offshoring to onshoring. How much work will migrate from corporations and law firms to other parts of the value chain is anyone’s guess at this stage; however, it is probably fair to assume that multi-sourcing (the use of multiple sources of legal service delivery) is likely to increase.

Outsourcing deals are often long-term arrangements that span over periods of 10-15 years. It is not unusual to see personnel changes on both sides of the contract during the term of the deal, right up to the point where there is no-one left from the original deal team on either side. For many this might not sound like an issue – after all, knowledge transfer tends to be an ongoing exercise for both parties (including knowledge transfer on how to manage and interpret the contract). Unfortunately, when the original deal team has left, and this does happen, something valuable could also be lost. What is often lost is the understanding behind the concessions made in the contract – the business reasons for the comprises (or the refusal to compromise), the starting positions of both parties on a myriad of issues, and the thinking that drove both parties to the business arrangements and ultimate wording of the contract – including, and maybe most importantly, their understanding of what the wording of the contract actually meant. When an outsourcing deal gets to the point where the teams have completely changed, the individuals left managing the contract may have different perspectives on what the contract actually means, and what the original intent really was. This can lead to protracted and expensive renegotiations as the parties struggle to understand the thinking behind various parts of long complicated contracts, particularly when they are doing so without the benefit of full hindsight.

The deal autopsy is a useful tool for each party to leave behind for the operations and “deal teams” to refer to, particularly as they experience personnel changes on both teams. The purpose of the deal autopsy is to memorialize the thinking, interests, positions and concessions behind all of the provisions of the contract. The deal autopsy should start with the objectives of each party. It should analyze each objective and describe how the objective is to be achieved under the contract. The deal autopsy should include a road map of each significant clause in the contract, or issue that was addressed by the parties during negotiations, stating the starting positions of each party, their respective interests, the compromises that they made and why, the business reasons used to support their positions and their concessions, and a business description of the agreed outcomes, and a business description of what the contract is trying to state, and why. The deal autopsy should also describe the business understanding of the risk sharing between the parties and the areas of heightened sensitivity from the negotiations. While this may seem like a make work project, the information, once captured, can be invaluable for future team members, particularly in a long term outsourcing when personnel is bound to change. This information will not only help the parties interpret the contract as time goes on, but will also help them negotiate change orders throughout the life cycle of the deal, particularly when the change orders touch on areas of heightened sensitivity, risk sharing, business transformation and economic terms. This type of information could be used by both teams to avoid unintended consequences when they are interpreting the contract and negotiating change orders that have a widespread effect throughout the contract.

Deal autopsies should be done when the deal team members are still available and the concepts are relatively fresh in their minds. Unfortunately, the best time to do a deal autopsy is soon after the contract is signed, when both teams are busy with transitioning the business to the service provider and learning their new roles under the contract. For this reason, deal autopsies are rarely done. In a long-term outsourcing, failure to do a deal autopsy could be harmful in the end.

It is commonplace these days for parties to an IT contract to consider alternative dispute resolution (mediation or arbitration) as a means for resolving disputes. I have written on the topic of mediation in outsourcings, and concluded that it was useful in some outsourcings, but not all. At an engaging lunchtime seminar I attended the other day on ethics and professionalism issues arising in IT law, I had my thinking on this topic jolted by a turn in the discussion towards the use of subject matter experts by the court. One of the speakers, Don Johnston, pointed out that courts had long used independent experts in admiralty cases to understand the potentially complex fact scenarios arising at sea, and wondered what was so objectionable about courts using experts in IT cases, where the technology would be at least as murky. It got me thinking that the problem with cookie-cutter dispute resolution clauses that often appear in IT contracts is that they attempt to apply the same process to every dispute.

Disputes arising from IT contracts can be broken down in a number of different ways. One way to distinguish disputes is by the remedy sought by the parties. In my view, a dispute should be handled differently if the parties are looking for injunctive relief or specific performance than if the parties are merely seeking payment or some other remedy. A dispute resolution process should be flexible enough to allow the parties to select a method of dispute resolution that will provide them with the remedy they seek. To avoid additional friction when a dispute arises, I would suggest that the parties turn their minds to this issue when preparing the agreement, and carve out from a general dispute resolution clause and the convention escalation procedures any disputes that require a special remedy. Some agreements will carve out intellectual property related disputes from a mandatory ADR clause, allowing the parties to seek emergency injunctive relief. It would also be appropriate to provide such a carve-out for disputes involving a breach of confidence for the same reason. Another dispute that is often treated differently is a dispute regarding whether a payment is owed. Since the only issue is such a dispute is whether and how much money is owed from one party to the other, a payment dispute may be resolved while the relationship continues and work proceeds. This works best when the payment dispute resolution process is quick and binding, to avoid the possibility of abuse by the contract payor.

Another way to divide up disputes arising from IT contracts is by the nature of the dispute itself. Some disputes are at their core about contractual interpretation, some are about determining standards of care, and some are about interpreting technical specifications. Different expertise is required of an adjudicator to address the concerns of each type of dispute. Many of these disputes center around a critical finding of fact or law, and not with an assessment of damages or any requirement for a court order. Once this critical finding is made, the parties can sort out the rest by themselves.

Here is a crude breakdown of dispute type correlated with expertise required of a neutral or adjudicator. I have also proposed some alternative dispute mechanisms designed to bring objectivity to the process without limiting the parties’ ultimate rights and remedies at law.

The ultimate goal is to introduce objectivity into the discussion between parties early in a dispute, before the parties’ positions are hardened. The parties can learn from the neutrals and inform their positions leading into a formal dispute process, and may discover that the positions taken are unreasonable or unsustainable, thereby diffusing the conflict. Rather than trying to make this process mandatory in contract, I feel that it would be most persuasive and effective if it was purely voluntary. In my examples above, by ensuring that the decision of the neutral is not binding, the parties can invoke the process without damaging the relationship by pushing it to a formal dispute process. This is of particular importance in IT contracts that create an ongoing relationship, where dispute is inevitable, and preserving the relationship is of paramount concern to both parties.

There is room within IT contracts for a flexible and voluntary dispute resolution process that separates out disputes that are amenable to early resolution, and which introduces a neutral having appropriate credentials to the process to provide objectivity to those disputes before they spin out of control.

Regardless of the function being outsourced (whether it is data centre networking services, business process outsourcing, call centre services, application development and programming), performing a detailed and thorough due diligence is the first step in cementing a successful and healthy relationship for both supplier and customer. The objectives of performing due diligence are to allow both parties to understand customer’s business requirements and objectives, to evaluate the supplier’s capabilities, to understand the cost components, to ascertain the risks to both parties, and to establish the level of cultural fit of both organizations. The extent to which the parties can minimize the assumptions and dependencies will depend on the amount and quality of information available. With the right amount of quality data, the parties can have more certainty in the solution and pricing proposal. This will in turn facilitate an effective negotiation.

There are different types of due diligence that the parties will need to undertake. First of all, before any decision to outsource is made, customer will need to perform due diligence on its own business. Customer will need to identify the objectives it wishes to achieve, determine the scope fit for outsourcing, assess the current delivery model and service levels, identify the future requirements for the services, and forecast the return on investment.

Customer also needs to perform due diligence on types of service offerings available in the marketplace, the capabilities of various suppliers, and to assess potential supplier’s ability to deliver the services, their approach to service delivery, determine whether there are any current or anticipated resourcing pressures which may impact the delivery of the services by supplier, and to assess the level of cultural fit between the customer and supplier organizations.

It is also very important for customer to provide sufficient opportunities and data for suppliers to perform due diligence on the business or functions being outsourced. Supplier needs to be provided with an opportunity to fully understand customer’s business, to confirm the business requirements, to understand whether and how the service levels are being achieved by the customer, and to validate any assumptions. Where customer organization is currently performing the services in-house, it is not unusual that customer may not necessarily have all the service level data documented. Supplier usually insists upon a post-contract verification period to assess whether the service level requirements are achievable. This means customer will not have certainty on every component of the contract on signing. Pricing and/or service levels may be subject to change depending on the data gathered during the verification period. This uncertainty can be avoided if the customer is able to provide quality and reliable historical data on the service levels.

My last column focussed on customer and service provider concerns that arise with various aspects of long term outsourcing relationships. I now want to discuss structuring specific provisions to take those concerns into account. This week’s posting will look at price adjustment provisions and the one to follow will discuss change management.

The price adjustment provisions of long term outsourcing arrangements need to respond to the concerns of the customer and the service provider. For the customer, these concerns are based on the worry that, after a few years, the customer will be paying too much for its outsourcing services: perhaps because of the cumulative impact of year-over-year declines in market price, after a few years the pricing of the services it is purchasing will be uncompetitive. The service provider, on the other hand, is concerned that any price adjustment provisions that are designed to ensure the customer receives market competitive pricing will skew the pricing, eliminating deliberate back-end loading or the intentional cross-subsidization of low margin services by the higher margin ones. In either case, the impact of any price adjustment provisions will be to erode the service provider’s profit margins or, in extreme cases, force the service provider to provide services at a loss.

In designing the price adjustment provisions that will respond to these concerns, the customer and the service provider should consider:

(i) how the pricing is structured under the outsourcing relationship;

(ii) the information that will inform their decisions; and

(iii) the price adjustment process.

The Pricing Structure

For the price adjustment provisions to be successful, the customer and the service provider must have a clear picture of both the services being provided and the prices being charged for those services. In a recent ten year transaction, the monthly price for services was flat lined over the entire ten year term, with the customer paying the same aggregate fee each month of the term for all of the services it received. This meant that, on a daily basis, the customer and the service provider did not have a good sense of what the services were costing and whether someone’s pocket was being picked. Not surprisingly, neither party was happy with this pricing structure and it ended up being a source of irritation to both and ultimately of conflict. It is preferable if the services provided by the service provider are individually priced and accurately reflect the parties’ estimates of the costs of providing the services. This means, for example:

• Infrastructure and application services should be disaggregated to identify separately the individual components of the services;
• Transition and transformation services should be separately priced or, if blended into other pricing components, the amount being charged and for how long should be clearly identified;
• There should be a separate charge for the service provider’s account management services, i.e. for the general administration and relationship management services including change management provided by the services provider;
• Termination transition charges should be paid for on a time and materials basis, not blended into and recovered from ongoing services’ costs;
• For each service, there should be base charges that apply to a baseline level of resources with Additional Resource Charges (ARCs) and Reduced Resource Credits (RRCs) for variations from the baseline; and
• Inflation should be specifically dealt with, by geography.

Information

If the price adjustment process is to be successful, the customer and the service provider require information about the service provider’s charges and about market pricing.

Customers frequently refer to their requirement for information about the service provider’s pricing as the need for “transparency”: the service provider should be transparent about what its pricing includes. For example, if the service provider is providing the services using dedicated equipment, how frequently will that equipment be refreshed? If security services are not separately priced but, rather, included in the charges levied for the infrastructure services, what is included within the purview of those services? In the case of services that are charged on a fixed price basis, e.g. application maintenance or support services, what level of contingency has the service provider included to take account of risks including unforeseen circumstances and increased demand?

The need for information goes beyond just having details of the service provider’s current pricing. The customer and the service provider need information about the market pricing of the services that are currently being provided. Here, the customer may be at a significant disadvantage. The service provider should have insight into current market prices from being in the market and competing for new business or from any price adjustments it is forced to make to retain its existing customers. The customer lacks these insights.

For the customer, the best source of information about the market pricing of the services being provided is, of course, for the customer to re-compete the services and find out at exactly what prices competitors are willing to provide the services. But issuing an RFP is a costly exercise and the costs to transition to a new service provider, if that is the result, can be significant and outweigh any cost savings. Still, for the customer to have leverage in any price discussions, the customer needs reliable market information: this usually entails the customer having the ability to use third party benchmarkers such as Everest to obtain data about the market prices of similar services and to indicate how the service provider’s pricing compares to market, e.g. is it in the top decile? The top quartile? About the fiftieth percentile? This does not mean that the customer needs to actually carry out the benchmarking – often the threat will motivate the services provider to “sharpen its pencil” sufficiently and provide significantly reduced pricing that will be acceptable to the customer. However it is important for the customer to have the ability to invoke benchmarking.

There are other sources of information about services pricing that the customer should not ignore, although taking advantage of them will require effort, planning and dedication. The customer may be able to use freedom on information legislation for example to obtain the pricing from government outsourcing contracts. The customer may also be able to compile estimates of market price reductions by using publicly available information such as indices of hardware, software or labour prices.

Process

The customer and service provider should define in the outsourcing contract the price adjustment process that will be followed. This process will need to allow for exploratory discussions, the benchmarking, joint review of the results of the benchmarking and implementation of the results.

The price adjustment provisions in outsourcing contracts are frequently drafted to entitle the customer to invoke the price adjustment process at any time after, say, the second anniversary of the effective date but perhaps not more frequently than once per year. This ignores the reality that many outsourcing relationships take some time to stabilize. Two years may be too early in the relationship and too short a time there to have been significant adjustments in the market price, so that the price adjustment provisions will not be effective. Moreover, after a price adjustment has been implemented, both the customer and the service provider should be entitled to a stabilization period during which prices should not be subject to change and this period should be longer than twelve months. It may be preferable therefore for the customer and the service provider to agree on periodic price adjustments using a cycle that is aligned to the service provider’s likely hardware and software amortization cycles (or designed to take them into account), e.g. every four or five years, perhaps based on anniversaries of the effective date. This will introduce some certainty into the process as well as providing the customer with the benefit that the service provider may seek to pre-empt the price adjustment process by making unsolicited price reduction proposals just in advance of each price adjustment process.

Perhaps the most difficult issue to resolve in connection with the price adjustment process, and the one that cuts to the heart of the customer and service provider concerns, is how to use the results of any benchmarkings that may take place. There are a variety of options including:

• Using the benchmark results as input and information for negotiated price adjustments, without allowing them to be determinative
• Using the benchmark results to support the price negotiations and as the basis for an appeal to expedited arbitration if the negotiations are not successful
• Implementing phased reductions of the service provider’s prices based on the results of the benchmarking
• Implementing immediate reductions of the service provider’s prices to the benchmark standard, possibly with retroactive effect to the commencement of the price adjustment process
• Reducing the service provider’s prices to the benchmark standard, with immediate effect but subject to a maximum reduction in any price of (say) ten percent
• Causing immediate reductions of the service provider’s prices to the benchmark standard, with the service provider having a right to terminate any service towers (often with reduced termination transition fees) in respect of which the service provider is not able to provide the services on a profitable basis.
• Allowing the customer to terminate any service tower for which the service provider does not agree to reduce the price to the benchmark standard.

Which of these options is the right one in the circumstances will depend on more than just the parties’ objectives for the price reduction. It will also depend on the options available to them. For example, if it would require significant time or impose significant costs on the customer to transition services to another service provider, it may put the customer at a disadvantage to allow the service provider to terminate the arrangement if it disputes a reduction in prices based on the results of the benchmarking. In these circumstances, it may be a better option for the customer to specify phased reductions or to limit the magnitude of the price reductions that can be implemented in any one process.

If the customer and the service provider approach the price adjustment provisions having regard to the concerns of each party, it will be possible for them to draft provisions that accommodate the interests of both. In our next posting, we will take a similar look at change management.

The number of law firms to engage in legal process outsourcing (LPO) is still relatively low but is growing. In a recent survey by Legal Week, 15% of law firms said they use LPO services, with half believing that number would grow over the next year.

But while law firms weigh up their options, numerous corporations (including some of the largest global corporations) have clearly moved ahead by entering into their own LPO arrangements.

UK construction giant Carillion, employing 50,000 staff and with an annual revenue of around £5bn, has entered into a relationship with a UK LPO provider to conduct lower-level legal work in India, including due diligence. According to Carillion’s head of legal Richard Tapp

We are trying not to see outsourcing as a revolution but as an extension of how we expect the network to operate. If we get caught up on labels, one of the problems is the LPO label frightens people.

The Canadian Lawyer magazine recently ran an article titled Time to get on board. The captioned headline read: The legal process outsourcing ship has sailed and Canadian law firms need to make sure they’re not left behind by clients seeking more cost-effective legal services. 

According to Jordan Furlong, of Edge International Inc.,

LPO is not a threat to law firms, but it is a threat to the way law firms traditionally have gone about their business because what LPOs bring to the equation is efficiency, a focus on process, and a much more streamlined approach to the creation and delivery of legal work.

Hilary Clarke, a senior partner at McMillan LLP acknowledges that the firm has used an Indian firm to handle routine repetitive tasks in a cost-effective way, “to great advantage”. 

LPO is no longer a future promise. It is now a practical solution offered by Canadian-based companies with overseas operations that offer the cost advantages of offshore outsourcing while providing the reassurance of oversight and management by Canadian-based lawyers. 

LPO is a solution that has already been adopted by large Canadian banks and many corporate legal departments. Whether LPO is a perceived threat or a new opportunity for law firms, it is generally agreed that LPO represents acceptable change in the legal landscape.

Cloud Computing

Cloud computing has grown significantly in the last few years. A Gartner Executive Program survey of more than 2,000 Chief Information Officers (CIOs), representing 50 countries and 38 industries, found that cloud computing is the number one technology priority for 2011. Fully 43% of the CIOs expected that a majority of their IT will be running “in the cloud” within four years.¹ In its updated June 2011 forecast of Information Technology spending, Gartner stated that cloud computing expenditures are likely to rise by 16-20% per year through 2015, representing 4% of global IT spending by the end of that period. Richard Gordon, research vice president at Gartner, noted that expenditures for cloud computing services grew four times faster than overall IT spending.²

What is Cloud Computing?

The term “cloud computing” has been used to refer to almost anything from the ability to access virtual servers over the Internet to the consumption of any information technology service situated outside an organization’s infrastructure. The more precise technical meaning, however, is expressed in the following draft definition published by the U.S. Government’s National Institute of Standards and Technology:

[A] model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.³

As this suggests, the key feature of cloud computing is the ability to access a remote, shared IT infrastructure on an as-needed basis. 

Benefits of Cloud Computing

There are many benefits of cloud computing, including that organizations that use cloud computing are not required to maintain their own localized infrastructures to support the services; rather, they pay for the use of technology resources only when and to the extent that they actually need them. As a result, users can avoid the expense of setting up and looking after in-house infrastructure. Among other things, this allows organizations to replace up-front capital expenditures with a more fluid operational expenditure that more closely tracks actual business activity. Further, because cloud computing services are available to multiple users leveraging the same infrastructure, the cloud service provider is typically able to achieve significant economies of scale, producing additional savings for its customers. 

Federally Regulated Entities under OSFI Guideline B-10

Guideline B-10 of the Office of the Superintendent of Financial Institutions (Canada) (OSFI) governs cloud computing arrangements (and other outsourcing agreements) entered into by Federally Regulated Entities (FREs).⁴ For the purposes of the Guideline, the term “FRE” encompasses all Canadian banks, insurance companies, fraternal benefit societies, trust and loan companies and cooperative credit associations and Canadian branches of foreign banks and insurance companies.

Guideline B-10 imposes overall accountability and control requirements, and requires an assessment of the materiality of an outsourcing arrangement and the implementation of a risk management program (the scope and nature of which will vary depending on the materiality of the outsourcing arrangement in question).

B-10 and Cloud Computing

Many of the issues that cloud computing raises for FREs are not unique to cloud computing; they exist in the context of any outsourcing. Nevertheless, cloud computing involves a host of inherent risks, including the use of shared resources; the use of multiple dynamic data transfer routes (to minimize bandwidth usage); dependency on a commoditized, non-customized, volume-based solution; and the use of infrastructure scattered over multiple locations (often in low-cost centres with minimal legislative data protection obligations). The significance of the issues involved in cloud computing will largely depend on the materiality and nature of the services obtained. It would be prudent for FREs to consider the following issues in connection with the development of their cloud computing strategies:

1. Data commingling and segregation 

   The use of shared virtual infrastructure may create data commingling and segregation issues. B-10 requires service providers to be capable of isolating an FRE’s data, records and items in process from those of other customers at all times. As a precondition of entering into a cloud computing arrangement which is subject to B-10, an FRE must therefore determine whether the cloud service provider can offer the service in a manner that permits proper data segregation.

2. Accessibility of confidential information

   The nature of cloud computing – including the ability for multiple entities to access shared resources and the use of multiple locations across low cost regions – can create data security and privacy issues. B-10 requires the FRE to ensure that security and confidentiality policies of the cloud computing service provider are commensurate with those of the FRE, which should ensure that all necessary protections are in place to secure the confidentiality of the data provided to the cloud infrastructure. In particular, contractual provisions should clearly define who has responsibility for protection mechanisms, the information that is covered by such protections, the ability of either party to modify security procedures and requirements and notification obligations of the cloud service provider should any confidentiality or security breach occur.

3. Business continuity

   The FRE’s business continuity plans must address all reasonably foreseeable situations in which a cloud service provider may be unable to continue to provide services at the required levels. Most importantly, in the context of any business interruption affecting the cloud service provider, the FRE should ensure that it has access to all necessary records to allow it to continue its business operations and meet any statutory obligations or other obligations to OSFI. 

4. Data location

   A cloud service provider’s infrastructure and software may be dispersed across multiple locations across the globe. This may be problematic for FREs since B-10 requires the contract governing the provision of the cloud services to identify the nature and scope of the services, including specification of the physical location where the services are being provided. While this may be possible at the outset of a cloud computing arrangement, the dynamic nature of cloud computing means that regular updates should be contemplated under the contract in order to address any shift in the location of the information technology infrastructure supporting the services. In addition, contractual provisions to address any deficiencies in legislated privacy protections and issues relating to access rights of foreign governments and their regulatory agencies should be considered.

5. Subcontractors

   Many cloud service providers enter into subcontracts for additional virtual technology infrastructure on an as-needed basis. FREs need to ensure that subcontracting limitations are imposed to ensure that all such subcontractors are subject to the same security, confidentiality and audit obligations as the cloud service provider.

6. Monitoring cloud arrangements

   The nature of cloud computing can make monitoring and auditing the arrangements difficult. B-10 requires that the FRE be able to monitor the services to ensure that they are being delivered in accordance with the FRE’s requirements. The FRE must be capable of evaluating the cloud service provider from time to time, including its internal controls (which may be satisfied through the provision of a SAS70 or analogous control report). The FRE must carefully consider how best to ensure that the necessary monitoring can occur, based on the service model and geographic territory of the services being provided, as well as on the level of monitoring required (given the risks presented by the cloud computing arrangements in question).

7. e-Discovery

   While not specific to FREs, some thought should be given to the growing need to facilitate e-discovery (the production of electronic data and information required in the “discovery” process that occurs when a lawsuit is initiated). The use of cloud computing could lead to delays and costly efforts to produce relevant materials due to data commingling or data dispersion across locations and/or service providers.

Know the Challenges – Address the Risks

Virtually all organizations’ IT business plans include at least some outsourcing of IT functions to third parties. Because cloud computing offers so many advantages, its adoption is, for many companies, a question of “when” rather than “if”. Security and other challenges faced by FREs in the context of cloud computing are not unique to FREs, but are more pronounced due to the need to comply with B-10. While in certain contexts the challenges and compromises inherent in cloud computing may preclude its adoption by the FRE, in most cases cloud computing will work well, provided that the FRE carefully considers the relevant issues before entering into any agreements.

_____________________________

1. KPMG – Cloud Computing: Is the perfect storm ahead of us?
2. http://www.gartner.com/DisplayDocument?doc_cd=214540&ref=g_noreg
3. http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
4. http://www.osfi-bsif.gc.ca/app/DocRepository/1/eng/guidelines/sound/guidelines/b10_e.pdf

Imagine the 20/20 vision of hindsight, and consider the following:

1. The Importance of Innovation.

Key value propositions of any BPO are, put simply, better, faster and cheaper. However, there is an often overlooked, long term value proposition of a BPO – the ongoing strategic business improvements that vendors ought to provide throughout the term.

Outsourcing service providers typically focus on business solutions as they are challenged by clients to solve problems. Reaching the end of the long road of transition and transformation, navigating the many potholes along the way, service providers, and indeed clients, are content and even relieved to settle into the new state of “status quo”. But once the deal moves beyond the operational cost savings and improved efficiencies there is always room for improvement.

Ensuring the outsourcing service provider continues to bring thought leadership and leading industry expertise to the deal, over the term, is an important factor in the success of the deal. But more importantly, continuing to bring operational efficiencies and strategic business value, whether it’s the introduction of new business processes, products and services, or continuous improvements, may be the ticket to ensuring a successful, healthy business relationship over the longer term.

Make sure you include in your BPO contract the expectation of the parties around ongoing innovation and make sure that you manage the contract to achieve those expectations. Complacency in the face of a rapidly changing industry is a recipe for relationship disappointment and worse, disaster.

2. Remember, BPOs are not Turnkey Contracts.

Clients who undertake BPOs for the first time often underestimate the ongoing requirement for their continued involvement in the outsourced business after the deal is signed. Clients sometimes have a tendency to treat the contract like a turnkey agreement where everything will be done by the service provider without much input, if any, from the client.

The key to success of any BPO is to keep the client informed and engaged so that it can make meaningful decisions in a timely way. All to often clients lose sight of the outsourced business and end up relying on either the service provider, or newly retained consultants, to make business decisions that have both budget and business implications for the client.

Clients need to keep abreast of all developments of the outsourced business (both in terms of technology and process changes). This not only assists the client in making informed decisions as the business is transformed, but it will also facilitate knowledge transfer back to the client when the contract comes to an end. Managing the contract, and keeping informed of all developments is, and should be, a full time job, for any BPO of significance or complexity. This is not something that can be successfully achieved on the corner of someone’s desk – a lesson that is often learned when it is too late.

Gain-sharing, as a concept, appears to be falling out of favour in recent outsourcing transactions. Once considered an innovative concept for sharing saving made by the supplier of outsourcing services, it has proved unworkable, or forgettable, over the years. Gain-sharing clauses started appearing in outsourcing contracts at least as early as a decade ago. The principle is simple: if the supplier finds a way to save costs while providing the same service, it will share those savings with the customer.

Gain-sharing has a fundamental problem: the interests of the supplier and customer are not aligned. The customer is trying to save costs while the supplier is trying to make money. This tension between opposing interests naturally leads to an equilibrium – that point at which both parties feel that they are getting value from the relationship. Once this equilibrium is established, the commercial interests of each party favour maintaining that equilibrium. Gain-sharing can threaten that equilibrium by pressuring the supplier to reduce its costs while undercutting the supplier’s incentive to do so. The supplier will have difficulty stirring up much enthusiasm for gain-sharing when it could threaten its business case for the outsourcing in the first place.

Another issue with gain-sharing is that it may not actually lead to any savings. While a change in a solution, such as a design change or a change in subcontractor, could theoretically save ongoing costs, when that solution is formally brought into the outsourcing agreement between the parties, the implementation costs, including legal costs and other business process costs, may outweigh the savings that the customer would realise. For this reason, the supplier may choose not to perturb an established and working solution for the opportunity of cost savings, reasoning that the long term gain is not worth the short term pain.

Gain-sharing is also easily forgettable. In a longer term outsourcing, with the myriad of day-to-day issues that face both the customer and supplier, someone has to remember to enforce a gain-sharing provision. Typically that burden falls on the customer, it being in its interest to do so. If the customer does ask for an accounting of gain-sharing savings that the supplier has realised, the answer from the supplier may be that there are no such savings. It would be nearly impossible for the customer to prove otherwise.

A gain-sharing provision may make good sense when the incentives of each party can be driven together. One example is where the customer and the supplier have agreed to share certain third party costs. If the supplier is able to realise a savings on those costs, some of those costs could be shared. The supplier and customer together may be able to work together to leverage their combined position in negotiating lower costs with the third party. This can work well when purchasing equipment or licensing off-the-shelf software from third parties.

Gain-sharing is an example of a concept that was good in theory, but rarely worked in practice. It may be time to move this concept out of our outsourcing templates permanently.

The Clock for the Long Now, a project of the Long Now Foundation, is intended to keep time accurately for 10,000 years. It was conceived by Danny Hillis in 1986 as a way of connecting us with future generations. Unable to predict what the world would look like in 10,000 years, but faced with the challenge of developing an object that would last that long, keep time accurately over the duration and be useful, the designers were forced to abandon short term thinking in favour of the long term. They had to deal with the most fundamental issues such as the problem that no one has any idea what measure of time the human race will use in the year 12000. They began, not by trying to make existing time pieces last for longer and longer periods of time, but, rather, by identifying the basic design principles that such a clock would need to satisfy; things like longevity, maintainability, transparency and scalability. (For more information on the 10,000 year clock, see http://electronics.howstuffworks.com/gadgets/clocks-watches/10000-year-clock.htm or http://en.wikipedia.org/wiki/Clock_of_the_Long_Now.)

There is a connection between the Long Now Foundation and the outsourcing industry. And no, notwithstanding the secret wishes of service providers, the lesson is not that now is the time to start thinking about 10,000 year contracts. Instead, it is their approach to developing an object that would last, continue to function, and be useful for 10,000 years can act as a guide to the outsourcing industry as it grapples with how to design and implement long term outsourcing relationships. As the Long Now Foundation began by identifying the basic design principles of the 10,000 year clock, the right way to tackle the problem of long term outsourcing is to first identify the “design principles” that long term outsourcing relationships need to address, i.e. what are the concerns of the customer and the service provider with long term arrangements? Once the concerns have been identified, it will be possible to talk about the provisions that should be included in the outsourcing contract to deal with them.

This week’s posting and the one to follow will look at long term outsourcing relationships and will follow the approach suggested above. We will begin by identifying, in this week’s posting, some of the different customer and service provider concerns that arise from the long term nature of the relationship. The next posting will examine how to address these concerns in structuring the outsourcing relationship and in drafting the contract terms. 

One preliminary point is in order. For the purposes of this posting, a long term outsourcing relationship will be considered as anything with a term of six years or longer. Although the six year term is not critical for what follows, it does separate these contracts from those that typify the current trend to shorter term transactions. The webinar, The Canadian Outsourcing Market: At A Crossroads, presented by the Centre for Outsourcing Research and Education (CORE) on June 23, 2011, noted that the term of outsourcing agreements has gone from an average of 7 years in 2002 to 4.58 years in 2010. CORE did recognize however that some customers are resisting the trend to short term transactions by consolidating service providers and moving to longer term relationships.

The concerns that long term outsourcing agreements need to deal with include the following:

Pricing: This is one of the biggest issues, for both the customer and the service provider. Customers are concerned that, regardless of how competitive the pricing may have been initially, by the time six or more years have elapsed, they will be paying far too much. And the available price adjustment mechanisms do not appear to be particularly effective at responding to these concerns. Most favoured nation clauses are difficult to negotiate, hard to enforce and of limited value in keeping the service provider’s prices at market levels. Benchmarking provisions may be easier to negotiate into the outsourcing contract, but they are time-consuming and costly to exercise and implementation of the results can be contentious. Even where the customer anticipates that it will be able to use other mechanisms to encourage or compel the service provider to have discussions about pricing, e.g. the threat of re-sourcing, in-sourcing or terminating services, the customer will frequently be hamstrung in any resulting negotiations by the lack of meaningful information about the components of the service provider’s pricing. Often, for customers, the best guarantee of obtaining market competitive pricing appears to be a re-compete.

The service provider’s pricing issues are at the other end of the teeter-totter. In multi-tower transactions, the service provider may be concerned that when any price adjustment mechanisms in the outsourcing agreement are invoked, they will allow the customer to reduce the prices of the profitable services, without taking account of the fact that that pricing is cross-subsidizing the lower margin, less profitable services or that part of the reason for the higher price of these services is amortization of the costs of the account infrastructure that are not separately charged for. In back-end loaded deals where, frequently, the higher profit in the out years compensates for lower margins during the early, more costly years of the transaction, the service provider worries that the customer will quickly forget these trade-offs once the customer has reaped their benefit: the customer will push for market pricing in the later years of the outsourcing arrangement that never allows the service provider to recoup postponed profits from the early years.

Coping with Change: For both customers and services providers, the ability of long term outsourcing relationships to deal adequately with change is a serious concern. The change order processes that are customary in outsourcing contracts usually categorize the changes that are likely to occur, e.g. material changes, contract changes, operational changes and emergency changes, and define specific procedures to deal with each type of change. The change order processes can be well suited to dealing with these sorts of discrete changes and can do it very well over the entire term of the outsourcing agreement. What they are not as well suited to dealing with is the external events that, while they may affect the customer or the service provider, do not impact the services directly. Nor are the change order processes appropriate for dealing with the changes that occur gradually over the term of the contract but where the cumulative effect can be great.

The issues that these types of changes can create, and that need to be confronted in contracting for a long term relationship, touch all aspects of the outsourcing. They raise business, financial and technology concerns:

(i) Business Issues: The potential business changes that the customer should be considering are those relating to its business, the business of the service provider and the market place in general. On the one hand, the customer needs to recognize that its business will evolve over the term of the outsourcing relationship, whether as a result of Mergers and Acquisitions or changes in its production processes, locations, clientele, products or services: the customer should ensure that the outsourcing relationship is sufficiently flexible to accommodate these changes. But the customer also needs to worry about whether the service provider’s business will evolve to keep up with the market, changes in the financial condition of the service provider and even the possibility that the service provider ceases to do business. And, at a “macro” level, the customer should be anticipating changes in the vendor market place such as the disappearance of existing service providers and the emergence of new competitors, product offerings and solutions.

For each of the potential business changes that the customer should be anticipating, there are reciprocal service provider issues. The service provider needs to consider how its business will evolve – what happens if the market evolves away the specific services being purchased by the customer but the customer refuses to move with the market and insists on staying with the same services? The ability to leverage costs across multiple customers that enable the service provider to provide cost effective services may evaporate in the future, leaving the service provider supporting a costly, dead-end service. Or changes in the customer’s business may undermine the outsourcing by removing, from the scope of the outsourcing, services that were fundamental to the service provider’s solution. And, again at the macro level, changes across an entire industry segment can fundamentally alter the nature of the outsourcing transaction and create challenges for the service provider such as occurred in the financial and automobile manufacturing sectors following the recent recession. 

(ii) Financial Concerns: We touched on some of the financial issues in the discussion on pricing above. One specific aspect of the customer concerns that, over the term of the outsourcing relationship, its pricing will become uncompetitive, is the cumulative impact of gradual year-over-year declines in market price: although initially the customer’s pricing may have been ahead of the market, after six or more years of small declines in the market price, the customer’s pricing may be significantly above market. Correspondingly, the service provider may be worried that, in the absence of appropriate Cost of Living Adjustment (COLA) provisions in the outsourcing agreement, increases in its costs of providing the services will not be properly accounted for and its profit margins will gradually be eroded over the term.

(iii) Technology Change: The technology changes that the customer needs to anticipate relate to the specific services that are being provided to the customer as well more general technology change. The customer will want to ensure that the hardware and software being used to provide the services are refreshed every three to five years and that the service provider does not continue to operate using outdated or end-of-life systems that barely scrape by. How to build these technology refreshes into an outsourcing agreement and to properly account for the costs in a market where equipment costs are declining and labour costs are stable or increasing is a challenge. But the technology issue encompasses more than just contracting for periodic technology refreshes. The customer will also want to know that the service provider has kept up with changes in technology, both gradual evolutionary change and “the next big thing”, and that the functionality of the solution the service provider is offering is at market. The customer does not want to find itself locked into a technology solution under a long term outsourcing that it would not accept if the services were being re-competed.

Equally, however, the service provider has to deal with customers who are, for whatever reason, reluctant to embrace new technologies. For the service provider, it will be important that any technology currency obligation that, say, requires the service provider to remain at “n-1”, apply equally to the customer and that the customer be responsible for the costs the customer incurs in so doing. If the customer does not remain current, in a long term outsourcing relationship, the service provider may well find itself forced to provide costly support on a dedicated basis (because no other customer is using the technology) for outdated technology.

Qualified Personnel: In contemplating a long term relationship, the customer may be concerned because, over the term of the relationship, the representatives of both the customer and the service provider who were involved in the initial negotiations will move on to other activities, taking with them both their understanding of contract terms and their appreciation of the trade-offs that were involved in negotiating the contract. Their replacements may not have the history of the transaction or a good understanding of the contract terms. The customer needs to anticipate how it will maintain the perspective and knowledge of the transaction that it requires to manage the outsourcing transaction in future in the face of these challenges.

Lack of Attention: As the customer considers entering into a long term outsourcing relationship, the customer will be concerned that it not be taken for granted over the term of the relationship. Early on in the term, the service provider will willingly dedicate its “A team” to addressing customer requirements, will provide new technology and will propose innovative ideas. But outsourcing relationships frequently coast into middle age where the services and the technology become stale and outdated and whatever proposals the service provider delivers no longer address customer concerns or delight the customer. The challenge for the customer, at the time it enters into the outsourcing agreement, is how to maintain the initial, high level of intensity throughout the term.

Conclusion: This list of concerns set out above is not intended to be comprehensive. However it is intended to identify some of the issues that the customer and service provider will need to consider if they are to structure long term outsourcing agreements for success. In the next posting, we will look at some sample contract provisions that respond to these concerns.

[With special contribution by Jim Eckler]

In this article, I follow up on the statement made in my last column in which I said “I’d seek to bust the myth that what’s good for a vendor must be bad for a customer and vice versa.” In writing those words, what I had in mind was to explore a newly developing genre of outsourcing known as “Vested Outsourcing”^fn. To help with this undertaking, I’ve turned to the colleague who first introduced me to this outsourcing model – Jim Eckler, President of Eckler Associates and a leading expert in outsourcing with over 35 years of experience in the supply chain management field, specifically in business strategy development, operations productivity improvement, and logistics information technology strategy.

Vested Outsourcing – What is It?

The key thing about a vested outsourcing arrangement is the radical redefinition of success. The objective, Jim explains, is to structure the deal so that the measurement of success for the vendor is aligned with the achievement of success for the client’s business. In Jim’s experience, this realignment has a profound impact on the deal and the parties’ relation with one another. The typical measurement of success in an outsourcing lies in the combination of two deal ingredients: is the vendor, for the expected fees, meeting or exceeding the expected service levels? The new model repositions success for the vendor as residing in the achievement by the client of a goal. On this new model, the vendor has a vested interest in the success of the client’s business, as opposed to a narrower perspective in terms of the success of the outsourcing contract relationship, which may well be derivative to the client’s overall business success.

There are several implications to this approach, Jim advises.

The first is that these deals are not negotiated in the same way traditional outsourcing deals are. Specifically, what seems not to work in order to accomplish the desired alignment of goals in a vested outsourcing, is the conduct of a traditional, multi-party, competitive procurement process. As a lawyer well versed in such procurements, I must say that I am partial to them and have seen clients derive great value from them. However, I am also sympathetic to Jim’s point. This type of procurement process is undertaken with each party fixed on its own interests, and is, as a consequence, by necessity adversarial where those interests do not align. Jim’s point is that a negotiation process that is structured on an inherently adversarial basis is unlikely to be one that results in the desired alignment of interests.

So, a different approach is needed. When giving advice to vendors approaching a vested outsourcing, Jim recommends the vendor begin by reviewing the annual report of the client and the CEO’s message to begin to assess the client’s priorities and determine opportunities for alignment. This step is the first in a broader context to conduct interest-based negotiations for the development of an outsourcing agreement. Jim also advocates the use of a mediator as part of this process, whereby each of the parties and its respective counsel would present their interests and a mediator would assist the parties in finding alignment. The introduction of a third party mediator seems to be a key ingredient in objectively identifying opportunities for alignment, just a mediator might be used as part of a settlement process for the same reason.
The next key implication to vested outsourcing is that this alignment of interests is complicated. Vendors are expected to put “skin in the game” with each party assuming real business risk, but where a “win-win” outcome is sought. This creates an incentive on the part of the vendor to apply brain-power or investments in its technology or service delivery model to solve the client’s problem. If a specified business outcome is achieved that results in success for the client, then the vendor is accordingly remunerated; conversely, if the outcome is not achieved, the vendor carries the risk of financial penalties.

Why Adopt It?

Jim’s view is that vested outsourcing solves a current problem in the outsourcing market. The perceived problem stems from the result of traditional outsourcing negotiations and the sense that these deals have always been one-sided in favour of the party with greatest bargaining power. Historically, the vendor was perceived as having greatest bargaining power because it was in the business of doing these outsourcing deals regularly, and accordingly had the most refined business intelligence on how to make money doing them. Pity the poor client. In recent years though, clients have become increasingly sophisticated in both procurement techniques as well as the ins and outs of structuring outsourcing deals. The market place for vendors has also become more competitive. The effect is that the pendulum has swung increasingly to the client side, as the party having greatest bargaining power. Most recently, vendors have begun resisting this pendulum swing, and legal practitioners like me can see it, for example, in the evolution over the past five years or so on the allocation of risk between parties expressed in indemnities, limitation of liability provisions, and carve-outs to limitations of liability. In Jim’s view, the way to untangle this Gordian Knot is to embrace a different measure of success and a different negotiation process to discover it.

So is it right for everyone in all circumstances? It’s difficult to answer that question, in my view, and one that has implications for customers in terms of their short-term and long-term vendor strategies. What I do think is clear, and what has always appealed to me about outsourcing, is that the outsourcing business model is continuing to evolve, and the newest entrant to this portfolio is vested outsourcing. Look for it as part of deal on your street corner, coming soon!

—————————-

fn
The origin for the thinking on vested outsourcing lies with Kate Vitasek, who is the author of “Vested Outsourcing”, a book in which she explores how to negotiate, structure, and manage an outsourcing in alignment with “win-win” principles.

According to a survey conducted by the Outsourcing Centre, almost 50 percent of the ITO and HRO deals were renewed. Companies often instinctively renew outsourcing contracts, especially if the existing relationship has no major issues. While it may be tempting to renew the deal because negotiating a new deal requires both parties to invest significant energy, time and money, customer must decide whether or not renewal is the best option. Renewal is not always the right choice. 

The survey conducted by the Outsourcing Centre also shows that about 30 percent of the customers renewed the deals for a better pricing model. While pricing is an important factor in deciding whether or not to renew, there are a number of other factors that are equally important to customers. These factors include supplier’s performance over the current contract term, the strength of the relationship with the supplier, the alignment of the current outsourcing model with customer’s strategies and objectives, any change in customer’s operating model, strategy or requirement since the initial contract was executed, whether the customer expects that its operating model, strategy or requirement may change during the renewal term, the capability of supplier to support customer future growth, supplier’s innovation and flexibility, the cost of transition, the ability of customer to manage the transition, the level of risk during transition given other initiatives, the availability of other service providers, changes in appetite for risk, changes in the outsourcing industry, changes in the legal and regulatory environment.

Regardless of whether the customer decides to renew the existing outsourcing contract or to enter into a negotiation for a new one, it requires careful and detailed planning. Renewal presents a very good opportunity for customers to adjust the terms and scope of the outsourcing contract to align with its operations, requirements and business expectations and to ensure that the deal remains competitive. 

The time and effort required for renewing, renegotiating or rebidding cannot be underestimated. Many outsourcing contracts contain boilerplate clauses which require service provider to remind customer of pending expiry about six to nine months prior to the expiry date. In reality, customer should start thinking about the renewal at least eighteen months prior to the expiry date. For example, on average it takes about six months for customer to evaluate the existing outsourcing relationship, consider all the factors discussed above, and make a determination whether or not to renew an existing outsourcing contract. If the customer decides not to renew the existing contract, the customer will need to decide whether or not it wants to renegotiate the agreement with the existing service provider or whether it wants to issue the RFP for rebidding the services. If it decides to proceed with the RFP option, it will take about six months to gather information to develop and issue the RFP, evaluate the bidders, perform due diligence, and make the down select decision. Therefore, in order to have proper planning and to retain leverage in the negotiation, it is important for customer to start thinking about any potential renewal early.

Legal Process Outsourcing (LPO) continues to be the buzzword, in Canada, US and the UK. 

This month’s edition of The Canadian Bar Association’s National Magazine features LPO on its cover page and a six page article on the topic. The article is titled “Bangalore Calling” and showcases a Canadian perspective on LPO.

Legal Week announced last month that Balfour Beatty, the construction giant, is planning to press its law firms on the topic of legal process outsourcing. According to the global general counsel and company secretary Chris Vaughan:

We are at the start of a process to review the provision of legal services across the group, and outsourcing will be one of the options which we will be considering, in all its guises

I have often said that the ultimate showdown will be where legal departments (who use the services of LPO companies) will “influence” their law firms to offer LPO services. Or, at the very least, insist that their law firm partners work with an LPO. Stay tuned on that! 

What are the academics saying about LPO? 

Case Western Reserve University’s (one of Americas leading private research institutions, located in Cleveland) Associate Law Professor Cassandra Burke Robertson published a law review research article late last year titled “A Collaborative Model of Offshore Legal Outsourcing”. In this article, Robertson writes that,

International outsourcing is quickly reshaping the practice of law. Sending legal services offshore does not merely shift existing legal practice to a lower-cost provider. Instead, it can change the nature of the services rendered……making additional legal services affordable.

Robertson concludes that the LPO trend is revolutionizing the way in which law is practiced in the West. Backing up this claim, she analyzes the example of high-profile Hollywood litigation involving defendant Sacha Baron Cohen of "Borat" fame. Robertson articulates some of the most surprising ways in which LPO services are shifting the legal landscape.

Offshoring…. changed the nature of the defense entirely. It took a case that would likely have been handled outside the court system through a nuisance settlement and brought it within the formal adjudicatory system. As a result, the case was decided on the merits, and the decision is publicly available, potentially discouraging further meritless claims,

says Robertson.

Robertson's views show how offshore legal outsourcing is not only confined to quasi-legal work such as filling out forms and coding documents; however it also includes complex work such as legal research, drafting contracts, and preparing patent applications. Robertson points out that,

… while this higher-level legal work represents only fifteen percent of the LPO market right now, it is quickly growing; as LPO firms become more established, they tend to take on increasingly more sophisticated work.

So are we there yet? Is LPO here to stay? Have we reached that point of no return? I’ll bet if you ask ten lawyers that question, you’ll get ten different answers. That’s lawyers for you! 

In my last column, I discussed the convergence between the SaaS contracting model and the outsourcing contracting model. In this column, I wish to explore a strongly related topic: the increasing trend of using cloud elements in outsourcings.

There is some overlap between software-as-a-service (SaaS) services and cloud services. Before the cloud became the marketing buzzword we know and love today, a SaaS service referred to a contracting model where software features were provided over the Internet. From a legal perspective, there was not much of a difference between SaaS and the application service provider (ASP) model that preceded it. SaaS came in as the mot de jour, and ASP went the way of the service bureau and mainframe computing, borne back ceaselessly into the past.

Now, SaaS has a slightly different meaning in a cloud context. SaaS is used alongside infrastructure as a service (IaaS) and platform as a service (PaaS) to refer to different types of cloud services. I use the term “cloud” to refer to a technological model of enabling network access to a pool of configurable computing resources, where: i) the hardware is abstracted from the end user, and ii) capacity is scaled in response to increased demand.

Some folks will also want to add that cloud services are only offered on a subscription basis, but I can think of several examples where it is not. However, I agree that if a software service is offered on a subscription basis over the Internet, then it is definitely a traditional SaaS service. If that same service is readily scalable to meet increased demand, then it should be called a cloud SaaS service.

A cloud SaaS Service, when enhanced with some of the customized and service-based features (discussed in more detail in my last column), becomes an attractive alternative to a services outsourcing. But it does not have to be either a cloud SaaS service or an outsourcing. The solution can incorporate elements of both models.

For example, in a larger outsourcing, it may be desirable to host at least some of the outsourced services on a cloud infrastructure. If the infrastructure is provided by a third party, then this is an IaaS model incorporated into an outsourcing. The outsourcing provider is providing highly customized services for the customer on a cloud provided by a third party. In this hypothetical example, the outsourcing provider creates the software applications, maintains the databases, and provides the troubleshooting and support for the outsourcing to the customer, while the IaaS provider contracts with the outsourcing provider to provide the infrastructure upon which these services sit. There would still be considerable capital costs for the customer, since the customized applications would need to be developed on their dime, but at least the customer is not paying for the capital costs to provide a scalable private data center as well. Instead, the infrastructure costs can be passed through to the customer as an ongoing expense, lowering the capital costs significantly while allowing the customer to scale the services predictably to manage increased demand later on.

No doubt large outsourcing providers already manage private infrastructure clouds of their own upon which they provide their outsourced services. Vast numbers of virtualized cloud instances can be managed on an infrastructure like this, where the needs of different customers are balanced within one large cloud without disclosing any hardware details to each customer. The use of these private clouds may be disclosed to the customer, and the customer may be billed for usage accordingly. Alternatively, the use of a private cloud could be entirely hidden from the customer, and instead be a matter of network architecture and management for the vendor alone.

If cloud services are incorporated into an outsourcing arrangement, in addition to the considerations raised in my last column, counsel for the customer should consider some cloud specific concerns:

• Security and Privacy of Data: It is still up for some debate whether the cloud model is any less secure than more traditional models. Some recent articles on Slaw and Lawyers Weekly highlight the debate. In my view, it depends on the technology actually being implemented. One needs to pierce the cloud and understand what is behind it to properly answer questions relating to privacy and security. Without taking the time to understand the technology, one cannot reasonably appreciate whether the steps being taken to secure it are reasonable and will actually work. In an outsourcing context, counsel will almost certainly require technically assistance.
• SLAs: The service levels provided by IaaS providers are typically fixed and non-negotiable. Take, for example, Amazon’s EC2 cloud SLAs: 
1. Amazon will use reasonable commercial efforts be up only 99.95% in a year (which is 4.3 hours of downtime a year). Downtime is defined as the percentage of time that the entire region is unavailable (i.e. the entire US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), or Asia Pacific (Tokyo) zone is down).
2. Downtime excludes Force Majeure events, and downtime that result from failures of individual instances, other than the entire region being down. This essentially means all of your instances in a region are down, and you cannot start new ones.
3. A 10% credit on your bill is your sole and exclusive remedy, assuming you ask for it.

These standard EC2 terms would not be acceptable for any sensitive or mission critical applications. Other IaaS providers offer similar fixed service levels. For larger usages, there may be room to negotiate with the cloud provider. However, since the underlying architecture will likely not change based on these negotiation, it would simply be an exercise in moving financial penalties around, not improving uptime or incenting improved performance by the cloud provider.

• Potential for Third Party Impact: In a shared IaaS environment, as in any shared environment, there is the potential for third party users of the shared environment to have an impact on the customer’s experience. There are two considerations which flow from this.
1. The first consideration is whether a financial penalty, such as an SLA credit, would be sufficient if there is chronically poor performance of the cloud services. It may not be if, for example, the application is so important to the customer’s business that it cannot tolerate any sustained period of poor performance. If the customer cannot tolerate poor performance then a shared cloud may be too risky, and therefore not a suitable model for that customer. Some cloud providers manage this risk for customers on shared clouds by capping each user’s usage of the cloud, but this also limits the inherent flexibility and scalability of the cloud, and so is not a perfect solution.
2. The second consideration is whether the customer wants to be down at the same time as everyone else on the cloud. From a business perspective, if you and your competitors share a same common point of failure, then when that failure happens, there is no advantage to either of you. However, if you are tolerant of that failure, and your competitor is not, then you are able to capitalize on the failure and grow your business. A shared cloud represents a single point of failure for competitors that all use it.
• Latency: Latency can be an issue for cloud based services, simply because the services are all limited by the speed of the network they are on, and the speed of the connections used to interface with that network. When the Internet is used to interface with the cloud, latency can be a serious issue for time sensitive applications. Packets sent over the Internet can arrive out of order or not at all, requiring retransmission and delay. If the cloud instances carrying out aspects of the cloud services are disparate, the potential for significant network latency can be even greater. So, in larger clouds, increased latency can be a price paid for better reliability and uptime. This may not be suitable for all applications.

The cloud offers vast potential for lowers capital costs and improving the financial attractiveness of outsourcings, but a customer should be certain that the resulting solution is right for them, both from a legal and a technical perspective.

For nearly 20 years, organizations that outsourced part of their functions to service providers have relied on SAS 70 reports to gain assurance that proper controls relevant to user entities internal control over financial reporting are in place at service organizations. With the globalization of outsourcing services and changes in regulatory landscape, the American Institute of Certified Public Accountants Auditing Standards Board issued Statement on Standards for Attestation Engagements (SSAE) No. 16 in January 2010. SSAE No. 16 is effective for reporting periods ending on or after June 15, 2011 which means that the new standards could affect organizations as early as June 2010.

SSAE No. 16 is substantially similar to SAS 70. One of the key difference is in the portion of the report where the service organization describes its controls and systems. Under SSAE No. 16, service organization will need to provide a description of its system (as opposed to description of its controls under SAS 70). Description of system is more expansive and detailed when compared to that of the SAS 70 description of controls. Controls are only one aspect of a system. The new standards require service organizations to provide more information on their systems, processes and procedures.

The other key difference is that SSAE No. 16 requires service organizations to provide management assertion regarding management’s responsibility for the description of the system and the related controls designed to achieve the stated control objective. The new standards also require service organizations to identify risks that threaten the achievement of the control objectives.

While many of the descriptions contained in the SAS 70 reports provided by service organizations meet most of the criteria under the new standards, service organizations who currently only meet the minimum requirements of SAS 70 will need to put in more efforts under the new model. The new standard represents more work for service organizations because they are now required to provide a more elaborate description on the system and also to provide a management attestation. The new model may or may not have been contemplated when the outsourcing contract was negotiated. If the additional work was not contemplated when the outsourcing contract was prepared, this represents additional effort and cost on service organizations which could mean some of the service organizations may remove topics that were previously included in their SAS 70 reports. User entities need to understand what they expect the scope of the audit to include and the type of audit rights required under the new model.

Both service organizations and user entities need to review existing outsourcing contracts to determine the type of audit and reports required under the existing contracts, whether the existing contractual language is broad enough to cover SSE No. 16, and whether revisions are necessary to transition to the new standards.

As service provider’s counsel, I watched it happen many times. After the Service Provider worked diligently to prepare a response to a Customer RFP and was down-selected based on the Service Provider’s proposed solution, the scope of services was reduced. The reasons varied. Sometimes they were financial: the Customer was not able to afford particular aspects of the solution or the benefits arising from parts of the solution no longer justified the expense. In other cases the reasons were operational or delivery-based: the Customer lacked the necessary infrastructure to implement components of the solution or it would have taken the Service Provider too long to develop certain parts. Regardless of the reason for which the Customer was seeking to remove scope, the Service Provider usually concluded that, in the circumstances, it had little option but to agree with the Customer that the work was “off the table”.

But that was never the end of the story. Just because some part of the work was no longer in scope, that did not mean that it could not be referred to in the outsourcing agreement. Indeed, the Service Provider was usually anxious to ensure there was some reference to the omitted scope in the contract. These contractual references were referred to, colloquially, as a way to “protect the Service Provider’s birthright” or to “preserve the Service Provider’s inheritance”.

In this posting, I want to discuss three ways that the Customer and Service Provider can deal, in the outsourcing agreement, with committed scope that ceases to be committed or that evaporates during the negotiating process (referred to below as the “Potential Scope”). The focus will be on how to deal with the Potential Scope in the outsourcing agreement. Clearly, the Customer will also need to ensure that it is able to do so under its procurement regime, but that is a separate issue.

There are benefits to both the Customer and the Service Provider from doing so. For the Customer, dealing with the Potential Scope explicitly can provide it with contracting flexibility to incorporate the work into the agreement in the future quickly, efficiently and without having to comply with procrustean procurement processes. For the Service Provider, while these approaches do not guarantee that the Customer will award the Potential Scope to the Service Provider, they can provide the Service Provider with a leg up and a reference point in the contract from which it can argue that the parties contemplated the work might be awarded to it.

The avenues open to the Customer and the Service Provider to deal with the Potential Scope include the following:

1. Right of First Proposal: In recognition of the fact that the Potential Scope formed part of the Service Provider’s original RFP response but was subsequently removed, the Customer and the Service Provider can agree to include a Right of First Proposal in the outsourcing agreement. The Right of First Proposal requires the Customer to invite the Service Provider to make a proposal for the implementation of the Potential Scope before the Customer is entitled to solicit or accept proposals from third parties relating to such implementation. This right does not require the Customer to accept the Service Provider’s proposal, only to invite the Service Provider to submit one.

The Right of First Proposal can be included in the outsourcing agreement in the following terms:

“(a) If the Customer intends to implement the Potential Scope or a material part thereof (the “Proposed Additional Scope”) at any time or from time to time during the term of the Agreement, the Customer shall provide notice thereof (each, a “Potential Scope Notice”) to the Service Provider. The Potential Scope Notice will describe the Proposed Additional Scope the Customer intends to implement and include reasonable details of any specific requirements, conditions or terms of the Customer affecting its implementation, e.g. scheduling constraints or geographic restrictions affecting the solution. The Potential Scope Notice will be considered to be a Change Request delivered by the Customer and will be subject to the Change Order Procedures, provided that:

(i) the Customer shall not solicit third party proposals for the implementation of the Proposed Additional Scope until such time as the Service Provider shall have had a reasonable opportunity to submit a Change Proposal therefor in accordance with the Change Order Procedures or the Service Provider shall have informed the Customer that it will not be submitting such a Change Proposal; and 

(ii) the Customer shall review any Change Proposal in respect of the Proposed Additional Scope submitted by the Service Provider in good faith in accordance with this Section but nothing in this Section shall require the Customer to accept any Change Proposal in respect of the Proposed Additional Scope that is submitted by the Service Provider.

The Customer shall not be required to deliver a Potential Scope Notice to the Service Provider if the Customer implements the Proposed Additional Scope internally without the use of subcontractors or third party personnel

(b) This paragraph shall apply if the Customer receives an unsolicited proposal from a third party (including another service provider or supplier of the Customer) for implementation of the Potential Scope or any material part thereof which the Customer wishes to accept or to discuss with the third party or any other person. Before accepting the third party proposal or discussing the third party proposal with the third party or any other person, the Customer shall provide the Service Provider with a Potential Scope Notice. The Potential Scope Notice shall relate to any part of the Potential Scope that the Customer will consider implementing including any part that is included in the third party proposal that the Customer wishes to accept or discuss with the third party or other person and the provisions of paragraph (a) shall apply, with necessary changes, to such Potential Scope Notice.”

The Right of First Proposal is not the same thing as a right of first refusal. A right of first refusal may well be problematic for Customers: any third party proposal that would be subject to the right of first refusal would also likely include confidentiality obligations in favour of a third party that would prevent the Customer from sharing the contents of the proposal with the Service Provider.

2. Option: If the parties can define the Potential Scope precisely and the Service Provider is able to determine both the resources it requires to deliver the services and the price of performance, then the parties can accommodate the Potential Scope in the outsourcing agreement by way of an Option. The Option entitles the Customer to require the Potential Scope to be implemented for a specified period of time on notice to the Service Provider. The Option can be phrased in the following terms (where the Service Provider resources required to implement the Potential Scope are referred to as the “Potential Scope Resources” and the price of performance is the “Potential Scope Charges”):

“(a) The Customer shall have the option (the “Option”) to require the Service Provider to implement the Potential Scope using the Potential Scope Resources for the Potential Scope Charges. The Option shall be exercisable for a period of 180 days after the Effective Date on written notice (the “Notice of Exercise of Option”) from the Customer to the Service Provider referring to this Section but may not be exercised thereafter. Upon the Service Provider’s receipt of the Notice of Exercise of Option, the Service Provider and the Customer shall cooperate in good faith to implement the Potential Scope as set out above pursuant to the Change Order Procedures.

(b) The Customer acknowledges that the Potential Scope Charges do not include the Service Provider’s charges:

(i) to re-work any Services that will already have been performed for the Customer by the Service Provider prior to the time at which the Option is exercised by the Customer pursuant to paragraph (a) and the Potential Scope is implemented pursuant to the Change Order Procedures; and

(ii) for additional testing, acceptance and project management effort necessary if the Services for the implementation of the Potential Scope are not integrated with other services being provided by the Service Provider.” 

Unlike the Right of First Proposal which can endure for the term of the outsourcing agreement, the Option normally survives for only a limited period of time. This is because the longer the option period, the more difficult it will be for the Service Provider to be confident about its costs. There will come a point at which the risks to the Service Provider associated with lengthening the option period will outweigh whatever benefit the Option provides to the Service Provider in terms of preserving its birthright. 

3. Acknowledgement of the Potential Scope: The Customer may be unwilling or unable to provide the Service Provider with a Right of First Proposal and the nature of the Potential Scope may be such that it is not practical to include an Option for the Customer to implement the Potential Scope in the outsourcing agreement. In these circumstances, the Customer and the Service Provider have the option of including an express acknowledgement in the outsourcing agreement that the Potential Scope continues to be “potentially in scope”. This acknowledgement can be phrased as follows:

“The potential scope of the Services to be provided by the Service Provider during the term of this Agreement includes the following, subject to the implementation of such Services at the discretion of Customer in accordance with the Change Order Procedures and other applicable terms of this Agreement:

1. the Services that are described in the Statements of Work as being in-scope for this Agreement; 
2. the Potential Scope; and
3. any other potential scope for the project described in the RFP issued by the Customer.”

It is easy to question the value of such an Acknowledgement. Regardless of whether it is included, the Service Provider can always make a proposal to the Customer to bring the Potential Scope into the outsourcing agreement. And the Acknowledgement does not compel the Customer to award the Potential Scope to the Service Provider. So what, ultimately, is the point of including the Acknowledgement in the agreement?

The point, for the Customer, is about having options to deal with scope in the future without assuming obligations to do so. And, for the Service Provider, the Acknowledgment provides a vehicle to award the work to it. Including the Acknowledgement in the outsourcing agreement removes possible roadblocks. It prevents the Customer from forgetting that the Potential Scope was ever part of the agreement. It eliminates claims that a separate procurement process with open bidding is necessary. And, if the Service Provider is fortunate, it changes the nature of the discussion from “should the work be awarded to the Service Provider” to “under what terms and conditions should the work be awarded?” Wayne Gretzky captured the Service Provider’s perspective well when, in a different context, he said “I miss 100% of the shots I don’t take.” 

It was quite a surprise to read that Howrey LLP, a large US based law firm, recently closed its doors. From various accounts, there were a host of reasons the firm went out of business. The irony is that Howrey was a pioneering firm with a desire to innovate. 

There are some interesting lessons learned. Howrey began to offer a suite of discovery services similar to those provided by LPO [legal process outsourcing] vendors. Innovative, yes! But perhaps not that smart. It seems that the global legal landscape was innovating faster (than the firm). 

Bob Ruyak, the firms Chairman and CEO, admitted that. “We created a whole portion of the firm to handle discovery efficiently, using staff attorneys, temporary people, computer systems and facilities,” he told the Wall Street Journal. However, in the wake of the LPO boom, competitors were offering to carry out discovery work less expensively. Although Howrey “started to make corrections," it was never able to respond quickly enough to changing demands, he said.

NewLegal Review asked Brad Blickstein, principal of US legal consultancy Blickstein Group, what kind of lessons the Howrey scenario had in store for other law firms. For Blickstein, Howrey's demise is “really a shame," because the firm had made a genuine effort to innovate. 

So how does Blickstein think that traditional law firms, LPO vendors and client organisations can best collaborate to ensure that the work they undertake is beneficial to all parties — forestalling the threat of another “Howrey scenario” in the future?

“Law firms must understand that all their previous income streams will not be available to them forever,” he said.

More and more clients are starting to understand that law firms are typically the most expensive way to solve any problem, and are reserving their use for times when a law firm is the only solution. That's OK: law firms can survive that. They just need to focus on their core competencies and provide exceptional – and unique – value in all interactions.

In the long term, warned Blickstein, any law firm that continues to count on the income it receives for providing services that it cannot deliver efficiently or cost effectively is committing itself to a losing streak. “The quicker firms stop fighting change for their own self-interest and try to help their clients solve problems as efficiently as possible – even if the solution is to NOT use the firm – the better,” he said.

Law firms who build relationships with LSOs [legal services outsourcing] and other service providers will be viewed as value-added and retain some control over the situation. Firms that do not will be sidestepped or fired. This will not necessarily mean that firms will be smaller. But they will be limited to attorneys who can provide outstanding legal advice, and/or bring in business.

In almost all business process outsourcing transactions it is virtually impossible for one service provider to perform all of the services required. So subcontractors become fundamental to the delivery of the services. Here’s our list of some key issues to manage when dealing with subcontractors. 

1. One Throat to Choke.
Or perhaps more politely, one hand to shake. Remember that whether your deal involves one subcontractor or a consortium of them, the customer will insist on the prime contractor remaining liable for performing all of the obligations under the outsourcing contract, regardless of whether some of the obligations have been subcontracted. As a result, it is essential that the prime contractor carefully and clearly identifies, and flows to its subcontractors, any and all obligations to be performed by the subcontractors to ensure complete performance of the services. Each link in the service delivery chain must be carefully considered from a business, technical, operational, financial and legal perspective to ensure that the liability for performance of the subcontracted obligations is appropriately and fully allocated, contractually, among the subcontractors. This is where negotiating limitations of liability (an certain other “sacred cow” provisions) can become tricky, as they are often the last agreement made before signing, and must be flowed through to the subcontractors.

2. Subcontractor Failures.
A failure under one subcontract may, in the context of that subcontract, be contained and relatively inconsequential, in the scheme of the larger deal. However, for the prime contractor, that failure may trigger onerous consequences under its contract with the customer. For example, a specific failure by a subcontractor may required that the subcontractor be removed from the deal. The removal of a subcontractor is never without consequences. In order to back stop the prime contractor’s obligations to its customer, the consequences of failure by the subcontractor, regardless of the materiality of the subcontract or the subcontractor’s obligations, must be addressed . . . carefully! 

3. Timing is Everything.
The time constraints involved in negotiating an outsourcing transaction are often unrealistic . . . and time is money for the prime contractor and the customer! While the negotiations between the customer and the prime contractor inevitably, completely absorb much of the negotiating time in an outsourcing deal, it is critical that the prime contractor engage its subcontractors early and often. It is even more critical that the customer keep tabs on the status of the subcontractor negotiations. The consequences of failing to manage the timing of the subcontractor negotiations range from delay to deal jeopardy.

4. Negotiating Strategy.
Ideally, the prime contractor and its subcontractors, as a team, will have a strategy in place as to various puts and takes that the prime contractor may have in its back pocket for negotiations with the customer. But we all know that deal teams do not live in ideal worlds. When negotiating complex outsourcing arrangements, the implications of decisions made at the core negotiation table (and sometimes the lack of decisions), can significantly impact the subcontractors. Additional due diligence may be required, the subcontractor’s solution or services may need to be re-tooled or completely over-hauled, or the subcontractor’s input (or multiple subcontractors’ input) is required to find a solution to a problem. All of this takes time and adds complexity. Good management of this process, behind the curtain from the customer, is essential to a smooth, successful deal, being completed on time. For the prime contractor, subcontractor negotiations can be a sizeable task (any magnified by the complexity of the transaction, the complexity of the solutions, the number of subcontractors to manage). 

Whether the prime contractor uses separate deal teams to negotiate the subcontracts running almost concurrently with the core table negotiations, or the subcontract negotiations take place on specific days of the week using the prime contractor team, or the prime contractor crystallizes the business deal first before negotiating with the subcontractors, or some other negotiation strategy is implemented, the prime contractor must have a plan and a strategy for managing its negotiations with subcontracts before it starts the negotiations with the customer. Mismanaged subcontractor negotiations not only jeopardize the entire outsourcing, but can also add significantly to the pre-contract deal costs of all involved.

5. Managing Subcontractor Defaults.
Key to the one throat to choke concept is the management of subcontractor defaults. Customers may often ask for one throat to choke (that is to say, only one party to the contract – the prime contractor), but when defaults occur, customers can sometimes be quick to jump the queue in an attempt to deal directly with the subcontractor. The relationships need to be honoured when addressing subcontractor defaults. This needs to be facilitated in the default provisions agreed to in the outsourcing contract. It is in the interests of both the customer and the prime contractor to ensure that notification periods, cure periods, reporting obligations, and problem escalation procedures will work from a practical level when flowed down to the subcontractor, and through the prime contractor as gate keeper. These processes and timelines should be carefully mapped out to ensure that workable processes can be managed that allow the parties to focus on solving the problem first, and dealing with the liabilities second.

6. Practical Realities.
While having one throat to choke, or one hand to shake, by directing all dealings with a subcontractor through a prime contractor may be the preferred approach for many customers, the customer and the subcontractor may need the ability to work directly with each other, instead of through the prime contractor. While the contract will customarily say that all dealings between the customer and the Subcontractor will be through the prime contractor, the on-the-ground operations will likely involve the co-operation of all three parties working together. Appropriate clauses should be negotiated between the customer and the prime contractor, and between the prime contractor and the Subcontractor, to facilitate the cooperation of the parties so they can they can work jointly together required (which may include joint decisions where they are all affected), while still honouring the concept of one hand to shake.

Services outsourcings and software-as-a-service (SaaS) offerings lie on nearly opposite ends of a spectrum of managed services that a service provider can provide a customer. Traditionally, they serve the customer in quite different ways and are considered to be separate services, but some service providers are offering “customized” SaaS services, which in essence lie in the middle of this spectrum of managed services. Only certain services can be offered both as a SaaS Service and through an outsourcing, but the breadth and complexity of SaaS Services, particular cloud-based SaaS Services, grows constantly.

Outsourcings are generally used to transfer responsibility for a large and complex piece of a customer’s business to a third party. The primary driver behind an outsourcing is typically cost, since the service provider generally promises to perform the outsourced services at a lower cost than what a customer can achieve internally. The cost savings comes from leveraging the infrastructure, resources and expertise of the service provider. However, outsourcings can become unexpectedly expensive for a customer when the provided solution does not neatly mesh with the customer’s remaining business functions. Change orders and scope creep drive up implementation costs.

In contrast, software-as-a-service (SaaS) offerings are typically offered as a commodity service, having set parameters and set pricing, and being available on the same terms to everybody. The advantage of a traditional SaaS service is cost, especially low upfront costs. Typically very little capital is required to sign up for a SaaS service, and only an ongoing subscription fee applies. There are fewer unexpected costs arising from the SaaS service, since it is not subject to change orders or scope creep. SaaS services are typically provided on a “take it or leave it” basis. 

Increasingly, there is a trend among SaaS providers to offer “customized” SaaS services, which are tailored in some way to meet the specific needs of a particular customer. Some SaaS providers have developed their service offerings such that they have embedded into them a large number of variable service parameters, allowing for customized end user interfaces, database and dataset compatibility, and customized monitoring and reporting tools. Certain SaaS providers have created software development kits which can be exploited by customers or third parties to develop customized applications that work with their SaaS offerings, which can provide for even greater flexibility.

I see this as a natural convergence between the two contracting models that could be of benefit to both the customer and the service provider. From a customer’s perspective, by moving to a customized SaaS service, the customer can realize greater cost savings over a stand-alone, full blown outsourcing arrangement. From a service provider’s perspective, it is able to build a platform once and sell it many times over, a potentially more profitable business proposition.

On the downside, the customer would have to be more flexible with respect to its requirements if there is not a customized SaaS solution that fits the bill. Customized SaaS solutions will only go so far, and invariably there will be requirements that they cannot meet in particular circumstances. A customer may also have to settle for service levels and technical support that is inferior to a fully outsourced solution. Some service providers may be willing to negotiate special terms for larger providers, to afford a customer dedicated support, dedicated hardware, or other particulars. However, the resulting services may rise in complexity and expense to a level equivalent to an outsourcing arrangement. 

A customized SaaS solution can be an excellent vehicle for a customer to realize cost savings, so long as it can handle not getting everything it wants from its solution. Counsel for a customer considering such a solution should address at least the following potential legal concerns that may be particularly affected in a customized SaaS service.

1. IP Ownership: In a customized SaaS solution, without any third party customization, the service provider will likely insist on ownership of the customizations. The customizations in many cases will simply amount to configuration details, which are intrinsic to the platform, and would be of little value when separated from it in any case. In other instances, the customer may be asked to pay for custom code. Some of that custom code may be for completely new features for the SaaS solution, which the service provider can resell to other customers at little incremental cost. In such cases, the customer would be wise to refuse.
2. Transition Assistance: SaaS Services typically do not allow for significant transition assistance upon termination, whereas outsourcings almost invariably do. The customer should carefully consider what type of termination assistance it might need in a customized SaaS solution, taking into account the portability of the data in the existing solution, the amount of time needed to move to an alternative solution, and the requirements for services and support during that time.
3. Key Personnel: SaaS Services typically do not identify any key personnel requirements, but outsourcings often do. The rationale in an outsourcing is that key personnel can be crucial to the success of the outsourcing, and so some restrictions are placed on their allocation and utilization. The customer should carefully consider whether similar restrictions are necessary for key personnel spearheading the customization portions of any customized SaaS Service.
4. Change Orders: SaaS Services typically do not identify a process for managing change, whereas outsourcing often do. Managing change is a crucial aspect of any large outsourcing, as other commentators on this blog have discussed at length. For the same reasons, a customized SaaS solution should contemplate some process for managing change.
5. Governance and Escalation: SaaS Services do not generally provide for a governance process involving executives of both parties to the contract, but will often offer some kind of escalation process. A customer to a customized SaaS solution may require more rapid escalation of issues that a standard SaaS Service would provide, and will likely require an escalation process that escalates to a key decision-maker of each party. Otherwise, issues, and in particular implementation and development issues, can become stalled in a customer service nightmare, without appropriate and timely recourse.

Sophisticated service providers will pre-empt customers by addressing these issues in their standard “customized” SaaS Services agreements, making it easier for customers to sign on and start enjoying their cost savings.

My previous posting examined three issues relating to confidentiality obligations in an outsourcing agreement where care and attention may be needed to ensure that the parties achieve the results they are intending. I want to continue along the same path in today’s posting, looking at four more issues relating to confidentiality obligations in outsourcing agreements that the customer or the service provider do not always get right. 

4. Restrictions on the disclosure and use of Confidential Information

Confidentiality obligations frequently limit the ability of a party to use or disclose the confidential information of the other party in terms similar to the following:

“A party may use, disclose or make available relevant aspects of the other party’s Confidential Information:

(a) only to its personnel and subcontractors to the extent that: (i) the use, disclosure and making available thereof is necessary for the performance of the receiving party’s rights or obligations under this Agreement; and (ii) such persons have an actual need to know such information and have signed non-disclosure agreements as required by this Agreement;”

However there are many reasons for which a party may wish to use the confidential information of the other party that involve disclosure to persons other than its personnel or subcontractors or that transcend performance of the party’s rights or obligations under the outsourcing agreement including:

(i) to permit disclosures required under applicable law;

(ii) in connection with audits, reviews, investigations or disputes under the outsourcing agreement;

(iii) to its legal counsel, auditors or other professional advisors in order to obtain their advice;

(iv) internally or to its parent or affiliated entities as part of the party’s internal approval processes;

(v) to banks or other financial institutions in connection with the party’s financial arrangements;

(vi) in the event of an amalgamation, merger or acquisition or proposed amalgamation, merger or acquisition affecting a party;

(vii) to other service providers where the customer has adopted a multi-sourcing strategy; and

(viii) as part of a re-procurement where the customer is not renewing the outsourcing agreement.

Some of these situations are likely to be covered by express provisions of the outsourcing agreement, e.g. outsourcing agreements normally provide that it is not a breach of the confidentiality obligations for a party to disclose confidential information to the extent required by applicable law. Other circumstances, such as disclosure in connection with a party’s internal approval processes, may arguably be shoehorned into agreement provisions relating to “performance of the receiving party’s rights or obligations” (so long as the reviewers or approvers fall into the permitted class of individuals to whom information may be disclosed under the agreement).

This does not mean though that all uses or disclosures of confidential information can be justified on the basis that they are necessary for performance of a party’s rights or obligations. To avoid having to seek consent in the future, each of the customer and service provider should identify, before the outsourcing agreement is signed, the various circumstances in which it may wish to use or disclose the confidential information of the other party. It should then review the outsourcing agreement to ensure that such use and disclosure of the other’s confidential information is permitted.

5. Including Personal Information within the definition of Confidential Information

Customer Confidential Information is sometimes defined in outsourcing agreements along the following lines: 

 “Customer Confidential Information” means any technical, business, financial, personal, employee, operational, scientific, research or other information or data of the Customer … and including any Personal Information … .

Unfortunately, without more, the confidentiality obligations of the outsourcing agreement may provide poor protection for any personal Information that the customer entrusts to the service provider. This is not just because traditional exceptions to the scope of information required to be retained in confidence (e.g. information that is in or subsequently becomes part of the public domain) may serve to exclude personal information from the protective cloak of the confidentiality obligations. There are also issues uniquely associated with the service provider’s possession of personal information that should be identified, discussed by the customer and service provider and, if appropriate, dealt with in the outsourcing agreement. These issues include:

(i) restrictions on the transfer of personal information outside Canada or the access to such information from a location outside Canada;

(ii) requests received by the service provider directly from individuals for access to personal information about them collected by the service provider in performing the services;

(iii) data breach notification;

(iv) in the context of business process outsourcing, limitations on the service provider’s ability to develop “consolidated views” of individuals, i.e. to link personal information about the individuals from different sources that may well have been collected by or on behalf of the customer for other or restricted purposes; and

(v) responsibility for compliance with existing statutory obligations relating to privacy, personal information and personal health information and for dealing with any changes to such laws.

The inclusion of personal information within the definition of Customer Confidential Information in an agreement does provide a short hand way of addressing certain of the customer’s personal information obligations. However the Customer also needs to review the confidentiality obligations to ensure that standard exceptions do not vitiate whatever protection is provided and to identify any additional obligations relating to the types of personal information to be made available that should be flowed down to the service provider.

6. Including Proprietary Materials and/or Intellectual Property Rights within the definition of Confidential Information

Very often, one of the thorniest issues in negotiating an outsourcing agreement (after limits of liability) involves the ownership of and rights to use work product, e.g. systems, IT and business processes and related materials developed during the performance of the outsourcing agreement. From the customer’s perspective, it is paying the service provider for the services including for development of the work product: therefore, it should have the ownership of and the exclusive rights to exploit anything that may be developed in performance of the outsourcing agreement. The service provider sees the issue through a different proprietary lens: in developing the work product, the service provider is leveraging its existing expertise and knowledge and the amount the customer is paying does not compensate it fully for this expertise and knowledge, nor for the risks of non-performance being assumed. The customer’s rights to the work product are not pre-ordained but, rather, need to be agreed to by the parties. In all events, at least according to the service provider, it should not be precluded from using the work product in its business.

One of the ways that the ownership of work product issue can be resolved is to provide that: (i) the customer owns work product developed under the outsourcing agreement; and (ii) the service provider has the right to use in its business any residual knowledge (ideas, concepts, know-how, skills and experience) retained by it in intangible form. Regardless of the exact basis on which the ownership issue is resolved however, the customer and the service provider should take care to ensure that their intended resolution survives the intersection of the intellectual property provisions and the confidentiality obligations of the outsourcing agreement. Often, the definition of Confidential Information will include wording similar to: 

“Confidential Information shall also include, whether or not designated as “Confidential Information” … the Proprietary Materials of either party.”

If this is the case and the definition of Proprietary Materials includes work product developed under the agreement, there may be a conflict between: (i) restrictions on the service provider’s ability to use customer confidential information imposed by the confidentiality obligations; and (ii) the residual rights or other ownership provisions of the outsourcing agreement. The customer and the service provider should trace the residual rights and ownership provisions through the confidentiality obligations to confirm that the result reflects their intended agreement.

7. Third Party Beneficiaries

As indicated in item 4 above, there are many different situations in which one party may wish to disclose the confidential information of the other to a third party, e.g. the service provider may wish to disclose confidential information of the customer to its subcontractors or the customer may need to disclose confidential information of the service provider to other entities providing services to it in order for the various services to inter-operate. The outsourcing agreements will normally allow for such disclosures (sometimes with prior approval), so long as: (i) the receiving party has a need to know such information; (ii) the receiving party agrees to terms and conditions substantially the same as or equally protective as the confidentiality provisions of the outsourcing agreement; and (iii) the party disclosing the information remains responsible for the performance of the receiving party. 

These provisions may provide the customer or the service provider with some comfort concerning the disclosure to third parties of its confidential information. This comes from the expectation that the other party to the outsourcing agreement will be exercising diligence in selecting and monitoring the entities to which confidential information is disclosed because the other party is responsible for any breaches by the third party.

These provisions do not however provide the customer or service provider with the ability to enforce the third party’s compliance with the confidentiality obligations flowed down to it or a direct right of action against any third party for the third party’s breach of such confidentiality obligations. To achieve this result, it will be necessary to specify in the outsourcing agreement that the customer or service provider is a third party beneficiary of any agreement entered into by the other under which the customer or service provider’s confidential information is disclosed, e.g.:

“All agreements entered into by the customer or service provider under which the Confidential Information of the other party (the “Owner”) is disclosed or made available to a third party in accordance with this Agreement shall … include the following:

(i) provisions under which the third party agrees to and is bound by the confidentiality obligations set forth in this Agreement in respect of the Confidential Information of the Owner; and

(ii) provisions naming the Owner as an intended third party beneficiary of such confidentiality obligations set forth in the agreement with the third party, with the right to enforce such confidentiality obligations in respect of its Confidential Information directly against the third party and providing for the delivery by the third party of a certificate to such effect to the Owner on request from the Owner.”

It should not be taken for granted however that each party will automatically agree to include such a third party beneficiary provision in the outsourcing agreement. Either the customer or the service provider may not agree, as a matter of business philosophy, to allowing the other to have a direct right of action against its subcontractors or other service providers, or the arrangements it has implemented with the subcontractors or other service providers may not provide for such arrangements. If the inclusion of a third party beneficiary provision is important to a party, the issue should be raised early in the negotiations.

There is one additional item with respect to confidentiality obligations in outsourcing agreements that is worthy of comment: the standard of care that the parties must meet in protecting the confidential information of the other. That concern will be the subject of a future post. 

Multi-country outsourcing means customer engages supplier to deliver outsourcing services to its affiliated entities in various jurisdictions. Structuring and negotiating a long-lasting outsourcing relationship require the parties to effectively manage many risks. Multi-country outsourcing deals multiple the challenges.

There are different ways to structure a multi-country outsourcing relationship. The most commonly used approach is to have a framework agreement between the two principal entities and local agreement between local entities of the two organizations. The terms and conditions in the framework agreement will flow to the local entities except to the extent they have been modified in the local agreement. The local agreement will take into account any specific local requiremens (which may include specific local law requirements or unique service requirements for the local entities). The benefits of this structure is that it can avoid the need of re-negotiating all the legal terms and conditions in various regions and ensure consistency. In addition, customer may also be able to take advantage of volume discount while supplier may be able to get the benefit of economies of scale. The downside of this approach is that it may be perceived by local entities as having been forced to accept pre-negotiated terms and conditions. Depending on the specific circumstances, there may also be concerns of anti-trust regarding principal’s ability to impose obligations on its affiliates.

Even though the parties may have the terms and conditions negotiated in the framework agreement, the work at the local level is far from being completed. Aside from the usual local requirements, such as any employment legislation, dispute resolution requirement or governing law (for example where the services will be delivered in both common law and civil law jurisdictions), there are other issues that must be reviewed in preparing local agreements. For example, there has been an increased focus on on any privacy and security issues in any outsourcing relationship. There has not been any unified approach in dealing with these issues. Depending on the type of the data and the jurisdictions involved, certain data may not be able to flow freely across various countries. The parties will need to review the local requirement and address the local differences in privacy, security, data protection and cross-border data flow issues.

Aside from the privacy and data protection requirement, the parties also need to decide the appropriate service levels for various regions taking into consideration the criticality of the service in the region, the currency of the infrastructure, the availability of the resources in the region. There are also many other issues that will need to be discussed, including the performance measurement approach, reporting approach, the credit approach, and termination (for example, whether the termination triggers termination of the framework agreement or whether the termination operates on a country-by-country basis).

Also, if customer operates in a highly-regulated environment, local regulatory requirement must be looked at. For example, if the customer is a financial institution, there are guidelines published by regulators in various countries (such as Canada, Singapore, Japan,….) on the regulator’s expecation of some of the key terms and conditions in a material outsourcing arrangment entered into by a financial institution.

It is important to remember even if we use the framework agreement in multi-country outsourcing deals, one size does not necesary fit all and there are too many local variations to be ignored.

Fronterion, a consulting firm for outsourced legal services, recently revealed the Top 10 legal process outsourcing (LPO) trends for 2011 and released its second annual report outlining the prospects for the LPO industry in the coming year. 

The Top 10 LPO Trends for 2011 are: 

1) A Fundamentally Changing Legal Profession. Continued downward pressure on costs and the globalisation of legal services provide a perfect environment for LPO. Those who refuse to engage with LPO will increasingly become a minority – the industry can no longer be ignored.

2) Enterprise Approach. Many firms already outsource legal work at partner or department levels. However, LPO is more effective and efficient when a firm implements a firm-wide or ‘enterprise’ approach, led by senior management. 

3) Onshore Expansion. The growth in onshore and hybrid on-offshore delivery solutions will begin in earnest in 2011.

4) Expanding Client Geographic/Jurisdictional Reach. Demand for LPO services will spread to new markets.

5) Progressive Value Proposition. LPO providers will have to offer more services and a more progressive value proposition to remain competitive. Alongside traditional litigation support, LPO vendors may also have to offer contract portfolio servicing, compliance, diligence, human resources, medical and broader legal support functions. 

6) Increasing Technology Applications. As a result of the growing importance of technology, LPO vendors will use technology as a key selling point. Technology platforms will be used to offer diversified services and as a means for vendors to further embed themselves in client organizations. 

7) Dynamic Vendor Landscape. The unprecedented growth and industry consolidation initiated in the fourth quarter of 2010 will continue to shape the dynamic LPO vendor landscape in the coming year. Overall, these consolidation trends are positive for the industry as vendors emerge stronger, more capitalized and, most likely, considerably larger. 

8) Public Acknowledgement. The growing acceptance and adoption of onshore and offshore LPO will become more visible in the coming year. 

9) Divergent Vendor Approach. Competition means that LPO vendors will have to differentiate themselves from each other in terms of services offered and delivery models. No dominant model exists (yet) and a range of different approaches will emerge next year. 

10) Ethical Guidance. Regulatory bodies start to address the changing legal landscape. In the US, ethical commentary is expected from the ABA’s Commission on Ethics 2020. In the UK, announcements are expected from the SRA and the Law Society. Other jurisdictions that have been silent so far may follow suit, such as Australia, Canada, and South Africa. 

Whilst the research conducted by Fronterion was primarily focussed on the trends in the US and UK, the trends in Canada are very similar. Of the 10 trends mentioned in the report, three are worth highlighting. 

There is clearly a fundamentally changing legal profession in Canada, brought on by continued downward pressure on costs and the globalisation of legal services. Law departments and many law firms are acutely aware of this and are driving the hybrid on-offshore approach to legal services. For example, consider a scenario where a Canadian law department partners with both an LPO and a Canadian law firm for purposes of e-discovery document review. The LPO provides first level document review services. The law firm provides second level document review services; quality control; as well as traditional advisory services. This is a real life example of how LPO services are currently permeating the Canadian legal landscape.

Technology is (and will continue to be) a key selling point, both from a service delivery and a security point of view. Technology platforms are being used to offer diversified services and as a means for vendors to embed themselves in client organizations. 

At the end of the day though, LPO services (and the vendors of these services) will ultimately succeed only if they can deliver quality legal services at low costs. That’s an ‘old-fashioned idea” delivered in a whole new way. 

Now that 2010 has come to a close and the ink is dry on the flurry of year end deals, many of us can now sit back . . . draw in a long, deep breath . . . relax . . . and start to focus our vision on the opportunities that lie ahead for 2011. What would the start of a new year be without some predictions on the future of business process outsourcings (BPO). Here’s some of our projections for 2011: 

Importance of Cost Reduction – Cutting Measures 

The debates continues as to whether or not we are starting to come out of the economic recession. Regardless, most of us will agree that we are not quite out of it yet. This is having some definite effects on outsourcing transactions, whether the ink on the deal is dry or not. Clients are looking for ways to extract cost and value from their outsourcing deals. Some deals are being completely renegotiated, while others are just trying to do things differently through their governance and change order processes. There is one common thread that we see emerging – vendors are being asked to partner with the clients to come up with creative ways to drive down deal costs. This is a trend that we expect to see continue throughout 2011.

Innovation – Deal Value

Clients are increasingly looking for vendors to come forward with innovative technologies and solutions to drive value from the deal. This is linked to the shift in focus towards cost reduction (as discussed above). Vendors are expected to come forward with better, cheaper, faster ways of performing, with some emphasis on the “cheaper”. It’s a bit of a double-edged sword as innovation typically requires capital investment. If the outsourcing isn’t priced to accommodate innovation (and the corresponding capital investment), then there could be a conflict between a client’s desire to have ongoing innovation and a vendor’s willingness to provide it without additional funding.

What clients mean by innovation is something that warrants further discussion between the parties, preferably during the negotiation phase of the outsourcing (instead after the deal is signed). For example, we all know that virtualization isn’t new as it has now been around for a few years. Nonetheless, virtualization in one method that is gaining popularity for both innovation and cost cutting (although some may say that it is no longer innovative). One key element of innovation will be coming to a common understanding between the parties as to what it means as innovation will be different depending on the life cycle and technical maturity of the outsourcing. Given that we are not out of the rescission yet, we expect to see the “innovation” trend to be used as a cost reduction throughout 2011, for existing deals and for new outsourcings. 

Security of Data 

With Wikileaks on everyone’s mind, and the focus on keeping sensitive information confidential, we expect to see a tightening of technology and other protocols around the security of data. Its no longer good enough to worry about the main technology system supporting an outsourcing – thought now has to be given to all of the peripheral devices that are used in day-to-day business from basic blackberries to iPads and whatever the next greatest thing will be. We expect this to manifest itself in 2011 through a tightening of internal controls, corporate policies, specialized training and technical safeguards, to name a few. We also expect that stringent data security controls will become a cost of doing business and that the luxury of doing just “enough” will no longer be afforded to industries dealing with sensitive data or personal information. 

Continued BOP Opportunities – Growth Bundling One Comprehensive Approach 

2009 projected into 2010 indicated that BPO was still really strong. For 2010 projecting into 2011 we are seeing more bundling of IT delivery with BPO. This is a trend towards holistic solutions that clients can use in numerous applications. For example, some tools with multiple functionality will replace multiple BPO outsourcings for each distinct service, giving a holistic solution to the client from one service provider. What does this mean? Perhaps we will see some rationalization of the number of different service providers used by any one client. This will put service providers with the competitive edge in the forefront. We expect that the competitive edge could fall to service providers with a broader experience base, the ability to innovate and cost cut, and who can survive and ride out the economic recession.

Supplier Consolidation

Several industry leading vendors have gone through their own merger activities in the last few years. While this consolidation inevitably results in “synergies”, new opportunities, the shifting in market reach (and market share) result in changes to the competitive landscape that make it difficult for the smaller vendors to survive, particularly in slow economic times. This will create challenges for some vendors and opportunities for others. It may also result in some unexpected mergers of vendors as a defence strategy for survival. For clients, this may mean some disruption to the status quo as the landscape changes, but it could also bring about opportunities for changing the status quo for clients who are looking for more value, cost savings and innovation. 

Summary

2011 will be a dynamic interesting year for BPOs, both existing deals and new ones. We expect to see many changes in the landscape with a growing and continued emphasis on deal value, costs savings and innovation at a time when the vendors are going through a lifecycle of consolidation and change. While this year promises new challenges, we expect to see positive outcomes from the growing trends that may change the shape of outsourcings as we move through 2011 and into 2012. 

The typical outsourcing involves the outsourcing of not only a business function, but also the technological infrastructure to support it. When preparing an outsourcing agreement, the hardware, software and systems of each party to the outsourcing need to be carefully considered and well understood. It should be part of the due diligence of embarking on the outsourcing process.

Most companies that are looking to outsource will already have in-house technical expertise. This in-house expertise should be relied upon to map out a company’s technical capabilities and limitations. This will set the stage for properly mapping the technical requirements for the outsourcing, including what resources are necessary from the company to be successful. Failing to properly identify these technical requirements will inevitably lead to higher transition and implementation costs, and may lead the parties to the outsourcing to dispute.

The analysis may not be adequately performed by in-house resources. In-house resources may speak their own jargon and not the language of the industry at large, leading to interpretation issues that can rise later on. Some “three letter” companies particularly are known for their use of jargon, but it is a tendency that persists in every organization to some degree. Similarly, in-house resources may not be aware of the most recent or most prevalent standards in the IT industry at large because they have been working within their own particular niche and the particular needs of their business. Serious misunderstandings in the scope of services to be provided can arise from these subtle but important differences in meaning.

In more complex or sensitive outsourcings, companies should consider bringing in additional technical resources on contract. In-house folks are invaluable in understanding the needs of the business itself, but they should be paired with outside technical expertise who can translate the needs of the business into technical specifications that are clear and written in the industry standard language.

Having adequate technical expertise assists in preparing the outsourcing agreement as well. Technical resources that have prepared the technical specifications can be a resource to lawyers preparing the contract by ensuring that the language used in the contract is consistent with that in the specifications and the industry at large.

Technical resources should be also be consulted to assess whether contractual mechanisms that are in place are appropriate for the technology being employed. For example, consider an outsourcing which calls for an interface between the in-house systems and the systems of the party performing the outsourcing services. The interface should be very carefully understood to identify any dependencies between the two parties to it. These dependencies need to be understood at the contracting phase to avoid differing expectations, scope creep, and disputes. If the dependencies or requirements of each party are not understood after the contracting phase it may be too late to provide for adequate remedies in the contract, or adequate flexibility within the contract, to address unforeseen circumstances caused by them.

Technical resources can also be invaluable in determining appropriate remedies for contractual failures. For example, in typical North American outsourcing, there will be service levels which may have service level credits or penalties applied for failures. The service levels, and how failures of service levels may arise, should be understood from a technical perspective so that the parties are not creating service levels that are immeasurable, unmanageable or unrealistic. Such flawed service levels distort the business relationship between the parties and drive undesirable behavior, undermining their value entirely.

Any outsourcing team should be staffed with skilled technical resources – individuals that can speak to both the in-house technologies being used, and to the outsourced technologies being employed, and understand any dependencies and interrelationships between them. If you are considering outsourcing, consider not only having appropriate legal counsel but also appropriately skilled and knowledgeable technical counsel. 

My kids watch a popular TV show called Mythbusters in which the hosts seek to uncover the truth behind popular myths. While watching it with them the other night, it struck me that outsourcing has its own share of myths. One that I think deserves having a light shined on it is benchmarking. In this article, I’ll discuss the myth around benchmarking, its impact on an outsourcing agreement, what I take to be benchmarking’s proper role, and I’ll endeavor to do it all with the same “gleeful curiosity and plain old-fashioned ingenuity” that the hosts of Mythbusters are described by the Discovery Channel as possessing. Ready?

The Myth

Benchmarking refers to a process whereby a customer engages the services of a third party expert to review the services in the outsourcing deal with its vendor. The third party expert (the benchmarker) then compares those results against other comparable deals to determine whether the customer is realizing good value. Sounds straightforward; so, what is the myth surrounding benchmarking?

To my mind, there are misconceptions about benchmarking. And, the most significant of those misconceptions is that benchmarking is a substitute for the running of a competitive RFP process. This myth most often materializes in the context of a deal in circumstances in which the customer is under time pressure. A decision is made to sole-source the negotiation with a single vendor, and then rely on benchmarking in order to ensure that “market based” pricing is achieved. Myth #1: benchmarking is not a proxy for the conduct of a competitive RFP process (which by its nature does disclose market pricing).

The Normalization Process

The first thing to understand about benchmarking is that it is equal parts art and science. The straightforward description above of this process belies the difficult exercise of “normalization” – that is, undertaking the benchmarking exercise in order to obtain an “apples to apples” comparison of pricing. Factors that are included as part of the normalization exercise include:

• The state of the customer’s environment – how modern it is may well have an impact of what techniques a vendor may utilize in order to deliver services, how efficient the vendor may therefore be, and accordingly, what the vendor’s pricing is in turn.
• Where the services are being delivered from – the use of different geographical locations require the vendor to remunerate is resources at different levels in order to remain competitive in those marketplaces from a salary perspective. This in turn has an impact on the vendor’s cost base, which is realized as contributing factor the hourly rate charged for those resources.
• The quality of services the customer desires to obtain – the quality of services is inextricably linked to each of the scope of services and the pricing for services. Together, these three elements are locked as a triumvirate. So, for example, if you wish to increase scope, but maintain quality, then typically there will be a corresponding increase in pricing; and if you wish to maintain scope, but increase quality, then again there will typically be a corresponding increase in pricing.
• The scope of services the customer has bargained for – the pricing for certain services where they alone constitute the scope of services for a certain outsourcing may be radically different than the price for those services where they form part of a much broader scope of services in an outsourcing. The difference between these two models is that the vendor may be able to achieve an acceptable level of profitability by cross-subsidizing the price between two or more services under a broader mandate. The healthy margin of profitability it may achieve with respect to one line of service is then used to offset another line that is less (or not) profitable. The broader outsourcing thus permits the vendor greater pricing flexibility than could be realized with respect to the single line of service alone.

There are many more like examples, and all of this is the province of the benchmarker to normalize so that its report results in an “apples to apples” comparison of pricing. Most vendors hate benchmarking; a few have corporate policies in place that preclude their entering into deals that require benchmarking. It’s not difficult to see why vendors have this reaction – a benchmarking clause is used exclusively to lower the vendor’s pricing under a deal, and never to permit it to increase pricing. So it’s all downside for the vendor, or at best, the maintenance of status quo. 

Beyond Benchmarking 

The difficulties inherent in the normalization process are what lead me to conclude that benchmarking is not a substitute for a competitive RFP process. But does that mean this concept should never form part of an agreement? If a customer is entering into a long-term outsourcing agreement (5 years in length or more), then I believe some concept of benchmarking is important to include as part of the agreement. The problem the customer faces with respect to the pricing for a long-term outsourcing is to account for the impact of time and associated changes on the marketplace (new technology, new methodologies, new tools, resources, etc.), which, in the absence of a benchmarking clause, would be external to the deal.

However, I also believe that a long-term outsourcing agreement must include other concepts that are also intended to support a customer’s ability to account for time’s impact, such as “continuous improvement” clauses, and SLA review / improvement clauses that entitle customers to set new SLAs and modify existing SLAs within an agreed framework. And, most importantly, a long-term outsourcing should include an annual strategic planning concept in which the customer can describe its intended strategic direction for the forthcoming future, and the vendor can find ways to contribute to the success of that future, including through the utilization of new technology, new methodologies, new tools, resources, etc.

In this way, to my mind, governance takes an increasingly important role with respect to the maintenance of “on market” pricing as part of a long-term outsourcing, as the parties conceptually move closer to an arrangement resembling a strategic alliance. The art in this context is to identify metrics for success that align each party’s interest. This is a point I will cover in my next article in which I seek to bust the myth that what’s good for a vendor must be bad for a customer and vice versa.

Many times clients start outsourcing process before they are ready. Premature outsourcing decisions sometimes are driven by executive decision that the outsourcing function will need to be completed by certain deadlines. This can cause lots of problem. Effective negotiation of any outsourcing deals requires clients to perform proper due diligence and gather necessary internal data before the outsourcing process starts. Such data could include scope of services required, current mode of operation, desired future mode of operation, historical service level performance, extent of employees impacted, third party contracts and current cost base. 

Defining service requirements based on client’s own internal need is critical to any successful outsourcing relationship. Without reliable data, it will be very difficult to structure an outsourcing deal that will last. Surprisingly, many clients rush to issuing the RFP without having gone through internal due diligence or to gather the necessary data. Some clients rely on the service requirements proposed by suppliers which may not necessarily meet client’s need. When the internal data is not available or the quality of which is questionable, suppliers will be unwilling to commit and very often, the parties will be left with an agreement to agree in the outsourcing agreement. While an agreement to agree may be able to satisfy the imminent need of both parties to get the contract done, it offers very little protection to either party. It is certainly a no win situation from the client perspective. The transition is underway and if the parties could not agree on the undefined items, the parties will be in a dispute situation. This usually means that the parties will invoke dispute resolution mechanism and engage in lengthy negotiation which usually translates into project overtime and over budget. This is also a no win situation from the supplier perspective because recasting the solution is a costly exercise. Engaging in a dispute at such early stage is also very damaging from the relationship standpoint. 

Having comprehensive service requirements at the very start of the process will minimize the chances that the service requirements will need to be renegotiated or recast at the eleventh hour due to insufficient or questionable data. Recasting or revising the service requirements usually means there will be a revision to the bid price. In order to have a meaningful comparison of various bids from different suppliers, client will need to articulate its requirements so that suppliers can price its solution based on a defined set of service requirements.

It is not an easy task for clients to gather internal data because the IT or operational processes of many client organizations may not be at the same standard as the top tier IT suppliers. While the internal due diligence may require lots of time and effort for clients, the result of the due diligence provides more extensive and reliable data upon which both client and supplier can rely to structure an outsourcing deal that will meet the need of both parties and produce a deal that will last.

Confidentiality obligations are a fundamental part of all outsourcing agreements. As part of an outsourcing transaction, the customer and the service provider each agree to make Confidential Information available to the other but subject, in each case, to the limitations on use, disclosure and retention that are agreed to in the contract. Unfortunately, customers and service providers don’t always get it right and the parties sometimes find, after signing the agreement, that information intended to be kept confidential need not be or that information intended to be freely available is subject to unwelcome restrictions that limit its usability. In this posting and the one to follow, I want to discuss a potpourri of issues relating to confidentiality obligations where care and attention may be needed to ensure that the parties achieve the results they are intending.

1. Return or destruction of Confidential Information on expiration or termination

The confidentiality obligations of many outsourcing agreements require each party to return or destroy the Confidential Information of the other party on expiration or termination of the Agreement, in words similar to the following:

Upon the expiration or termination of the Agreement or on completion of a party’s obligations under the Agreement, the party shall return or destroy, as the other party may direct, all material in any medium that contains, refers to or relates to the Confidential Information of the other party.

Such provisions are problematic. First, in the digital age in which we now live, it will be economically impractical if not virtually impossible for a party to return or destroy all copies of the Confidential Information of the other party made during the term of a multi-year outsourcing agreement. Copies of the information will be located across the enterprise in storage systems, on backup or archival tapes, in the email systems, on individual laptops, on flash drives and in hard copy form. It is not clear that the customer or the service provider could ever locate and expunge all copies of the other’s Confidential Information. Nor is it clear that, so long as the information continues to be subject to the confidentiality obligations of the outsourcing agreement, there is any significant benefit to be gained from so doing. This is the reality of the digital age.

Second, and this has long been the case, there may well be legitimate reasons for a party or its advisors to retain a copy of the other’s Confidential Information after expiration or termination of the Agreement. Either party may be subject to statutory obligations requiring it to keep copies of the Confidential Information for a specified period of time or, in the course of performance of the agreement, need to provide the information to professional advisors such as auditors whose professional obligations will require them to retain copies. The customer may require use of Confidential Information of the service provider in connection with its re-procurement activities. And the service provider could potentially be involved in disputes with its subcontractors that survive the term of the outsourcing agreement and for which it requires copies of the customer’s Confidential Information.

The real issue is how to treat Confidential Information at expiration or termination and this is not being properly addressed in outsourcing agreements: many contracts still require the return or destruction of all Confidential Information at end of term. However there are ways of dealing with the issue that recognize the parties’ interests in protecting the confidentiality of their information including, perhaps, through the following two-pronged approach. As a first step, the parties should agree to the obligations that will apply generally on expiration or termination of the outsourcing agreement. (A sample provision is set out below.) Next, the parties should identify any Confidential Information for which the general provision is not adequate and that must absolutely be returned or destroyed at end of term. For any such information, once it has been identified, the parties should discuss: (i) how such information will be collected, used, processed and stored during the life of the agreement so that it is capable of being returned or destroyed at end of term; and (ii) their respective responsibility for the costs thereof. If the customer and the service provider are realistic and reasonable in negotiating the general provisions, there may well not be any Confidential Information that requires such special treatment.

This approach to the return or destruction of Confidential Information may be based on a general provision such as the following: 

 Upon the expiration or termination of the Agreement or on completion of a party’s obligations under the Agreement, the party (the “Expunging Party”) shall use all commercially reasonable efforts to return or destroy or cause to be returned or destroyed, in a prompt manner, all materials in any medium that contain, refer to or relate to the Confidential Information of the other party which are in the Expunging Party’s possession or control or in the possession or control of any of the Expunging Party’s permitted representatives. The Expunging Party’s obligations under this section include the obligation to use all commercially reasonable efforts to expunge all Confidential Information of the other party from any systems or equipment in the possession or under the control of the Expunging Party or into which the Confidential Information of the other party was programmed or inserted by or on behalf of the Expunging Party or its permitted representatives. Notwithstanding the foregoing, each of the Expunging Party and any of its permitted representatives shall be permitted: 

1. to retain and use one copy of the Confidential Information of the other party for the sole purpose of compliance with and to the extent and for so long as required by: (1) any law applicable to it; (2) any court, regulatory agency or authority to which it is subject; or (3) the professional standards of its professional governing body (to the extent in possession of the Confidential Information in a professional capacity); and
2. to retain any electronic records and files containing Confidential Information of the other party which have been created pursuant to the automatic or normal course archiving and back-up procedures of the Expunging Party or its permitted representatives.

Any Confidential Information of a party that is not returned or destroyed pursuant to this section shall continue to be subject to the confidentiality and non-disclosure provisions of this Agreement notwithstanding any expiration or termination of this Agreement.

2. Including Agreement terms and conditions within the definition of Confidential Information

It is not uncommon to see a provision equivalent to the following in an outsourcing agreement:

Confidential Information shall also include, whether or not designated as ‘Confidential Information’: 

(a) the terms and conditions of this Agreement, any schedules or exhibits thereto or any Statement of Work;

This provision leaves me feeling a little confused. While the provision confirms that the terms and conditions of the outsourcing agreement are confidential, it does not spell out precisely whose Confidential Information it is. Presumably we are to infer that the terms and conditions of the Agreement are the Confidential Information of both parties.

Presumably we are also to infer that, just because the Agreement is the Confidential Information of a party, that does not entitle the party to use or disclose the information as it sees fit. Since the Agreement is also the Confidential Information of the other party, the consent of the other party is required for any disclosure of its terms. If, for example, the customer or the service provider wanted to disclose the outsourcing agreement in connection with an M and A transaction or to disclose pricing to a third party, it would require the consent of the other party to do so.

Even so, the consequences of declaring the terms and conditions of the outsourcing agreement to be confidential may still be unclear. In particular, precisely which terms and conditions are confidential? Are the “boiler plate” provisions? Or is it only the provisions describing the fundamentals of the deal? What if the outsourcing agreement were to have been developed based on the template of one of the parties? Do the confidentiality obligations applicable to the outsourcing agreement now trump any proprietary rights the drafter may have in its template agreement? Or can the party rely on the exceptions to the confidentiality obligations for information previously known to it to claim that anything developed by it independently of the other is not the confidential information of the other party?

There are other ways of dealing with the Confidential Information in an outsourcing agreement than by simply specifying that the entire agreement (terms and conditions, schedules, exhibits and statements of work) is confidential. It is open to the parties to identify the specific components of the agreement that are confidential, whose confidential information it is and any special circumstances under which the information may be disclosed. While this may appear to be an extraordinary amount of work, it will avoid the situation in which the customer or service provider discovers, after the fact, that it requires the consent of the other to the use or disclosure of the outsourcing agreement (which consent may not always be forthcoming or be given subject to restrictions that make it unworkable). 

There is one other further aspect of this issue – declaring the outsourcing agreement to be confidential – that private sector service providers entering into outsourcing transactions with government entities should be aware of: it usually doesn’t work, at least with respect to the government entity. Regardless of what the outsourcing agreement says about the confidentiality of the Agreement terms and conditions, it will be extraordinarily difficult for the service provider to prevent the terms and conditions of the agreement being disclosed in response to third party access to information requests. Moreover, such disclosure is unlikely to be a breach of the agreement because most outsourcing agreements with government entities will carve out of the confidentiality obligations any disclosures required by freedom of information legislation or applicable law.

By way of example, in Ontario, under section 17(1) of the Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. F.31, the head of a government institution is required to refuse to disclose scientific, technical, commercial, financial or labour relations information supplied in confidence if the disclosure could reasonably be expected to have one of the consequences set out in paragraphs (a) – (d) of the section. However, as service providers have discovered in attempting to prevent the disclosure of their agreements, the question of whether disclosure will engender one of the consequences set out in paragraphs (a) – (d) is largely academic. The investigation usually never gets beyond the petard of “information supplied in confidence”. Because outsourcing agreements are negotiated by the parties, they can almost never satisfy the condition of having been supplied in confidence. Order PO-2018 (2002) of the Office of the Information and Privacy Commissioner (Ontario) (available at http://www.ipc.on.ca/images/Findings/Attached_PDF/PO-2018.pdf) indicated:

Because the information in a contract is typically the product of a negotiation process between two parties, the content of contracts involving an institution and an affected party will not normally qualify as having been “supplied” for the purposes of section 17(1) of the Act. Records of this nature have been the subject of a number of past orders of this office. In general, the conclusions reached in these orders is that for such information to have been “supplied”, it must be the same as that originally provided by the affected party, not information that has resulted from negotiations between the institution and the affected party.

The fact, however, that a contract is preceded by little negotiation, or that the contract substantially reflects terms proposed by a third party, does not lead to a conclusion that the information in the contract was “supplied” within the meaning of section 17(1). The terms of a contract have been found not to meet the criterion of having been “supplied” by a third party, even where they were proposed by the third party and agreed to with little discussion (see Order P-1545). 

(See also, by way of example: (i) Office of the Information and Privacy Commissioner (BC), Order F09-04, available at www.oipc.bc.ca/orders/2009/OrderF09-04.pdf; (ii) Office of the Information and Privacy Commissioner (BC), Order F08-22, available at www.llbc.leg.bc.ca/public/pubdocs/bcdocs/156693/2008/orderf08_22.pdf ; and (iii) Office of the Information and Privacy Commission (British Columbia), Order F10-39, available at www.oipc.bc.ca/orders/2010/OrderF10-39.pdf.) 

3. Definition of Confidential Information

Confidential Information is sometimes defined in an outsourcing agreement as:

any technical, business, financial, personal, employee, operational, scientific, research or other information or data in whatsoever form or media, whether in writing, electronic form or communicated orally or visually that, at the time of disclosure or within thirty days thereafter is designated as confidential (or like designation).
(emphasis added)

The provision entitling a party to designate information, for a period of thirty days after its disclosure, as Confidential Information is a hangover from the world of standalone NDAs and is of dubious value. It leaves open the question of what the impact of this ex post facto designation of information as confidential is in respect of any pre-designation disclosures. Is a party prohibited from disclosing confidential information for a period of thirty days lest it subsequently be determined to be confidential? Are the third parties to whom such information has been disclosed free to use the information without restriction but the party to the agreement (who now realizes the information is confidential) is prohibited from doing so?

There is a serious issue here, namely how to deal with the disclosure of information that, while confidential, is not specifically identified as such at the time of disclosure. In these circumstances, it may be preferable to address the issue by resorting to an objective standard, e.g.:

Confidential Information” shall mean all information provided or made available, whether directly or indirectly, by one party to the other that: (i) is marked confidential, limited distribution or with a similar designation; or (ii) if unmarked, which the receiving party should reasonably know is confidential.

In my next posting, I will continue to look at issues relating to confidentiality obligations in outsourcing transactions where special attention may be needed including with respect to designating personal information and intellectual property as confidential and in respect of third party beneficiaries.

This is the third and final contribution focusing on some differences between North American common law regimes and Quebec’s civil law system in the area of IT contracting. The first two contributions dealing with the same subject-matter can be found at: Seller Liability for Software Integrators? and Use Best Efforts Not To Rely On “Best Efforts”.

I thought I would use my last contribution on the specificities of Quebec’s legal regime to provide a quick snapshot of selected key issues which IT practitioners should be aware of when negotiating a contract governed by the laws of the Province of Quebec.

Traditionally in common law, the contract is the law of the parties and the law of the land serves to complement and supplement the contract if necessary. While this is also generally true in Quebec, the impacts of the law of the land in Canada’s only civil law jurisdiction are slightly greater given the Civil Code’s precedence over certain contractually-negotiated terms. As a matter of fact, the Civil Code contains of wide array of provisions which constitute implied terms of every contract governed by the laws of Quebec. To an experienced IT practitioner, certain “implied” terms (for ex. the general duty of “good faith” discussed below) can be surprising because similar terms have been consistently rejected by the Courts as implied terms in contracts governed by common law regimes.

This short article is in no way an exhaustive review of the provisions which may affect IT contracts in Quebec, but the following issues are noteworthy and some may have a significant impact in the negotiation and interpretation of IT contracts governed by the laws of Quebec:

1. Good Faith

Since the early versions of the Civil Code, the notion of “good faith” has always been one of the cornerstones of La Belle Province’s legal regime. Articles 6, 7 and 1375 of the Civil Code together create an implied duty of “good faith” in contractual relations. Article 1375 constitutes the broadest expression of this implied duty of “good faith” in contractual relations:

“Art. 1375. The parties shall conduct themselves in good faith both at the time the obligation is created and at the time it is performed or extinguished.”

What this means is that parties must act in good faith not only in performing a contract, but also when they negotiate or terminate it. For those interested in the leading judicial application of the pre-contractual duty of good faith, please see Bank of Montreal v. Bail Ltée, [1992] 2 S.C.R. 554), which stands for the proposition that good faith requires a party to disclose to the other, as part of the negotiating process, non-available material information. In the IT context (like any other), the duty of “good faith” therefore has impacts on how the parties negotiate, perform and terminate their agreements.

2. Consumer Protection

Quebec has a fairly strong consumer protection regime in place. Not only does the Civil Code contain certain provisions applicable to “consumer contracts”, but there is also an extensive Consumers’ Protection Act (“CPA”) in force in Quebec. Almost every contract entered into by a merchant in the course of business with a consumer located in Quebec is governed by Quebec’s consumer protection laws. While the mandatory provisions of the CPA may not be relevant to sophisticated IT contracts, they nonetheless may apply in the context of IT-driven agreements such as end-user license agreements or maintenance services offered directly to the end-users.

The application of the CPA to a contract can have very significant consequences. For example, Section 10 of the CPA prohibits limitations of liability in consumer contracts, while Section 11.1 prohibits arbitration clauses. Section 19 renders illegal a “governing law” clause which stipulates that the contract is subject to the laws of a jurisdiction other than the Province of Quebec and the laws of Canada applicable therein.

3. Good and Valuable Consideration

The common law concept of “good and valuable consideration” is well anchored in contract drafting and is often used even in Quebec. Not a lot of IT practitioners know that the concept of “good and valuable consideration” has no real meaning under the laws of Quebec. The Civil Code does not make it a condition to the validity of a contract that consideration exists. Instead, the Civil Code requires that a contract has a “cause” and an “object” in order to be valid and binding. The cause of the contract is “the reason that determines each of the parties to enter into the contract” (Article 1410 of the Civil Code). The “object” of the contract is quite simply its subject-matter, which in the IT world means either the products delivered and/or the services provided. While this may seem like semantic, it means that contracts can be perfectly valid in Quebec despite the absence of any consideration. For example, the general practice of assigning rights for the amount of one dollar ($1) has no justifiable existence under the laws of Quebec; assignments can take place without any exchange of money provided that the parties have valid reasons (i.e. a “cause”) for entering into such a bargain.

4. Scope of Recoverable Damages

In common law, damages are the default mode of compensation for breach of contract. The nature and extent of recoverable damages are assessed by the Courts on a case-by-case basis, except for rare cases where statutory damages are permitted by law (for ex. under the Copyright Act). In Quebec, the nature of recoverable damages is expressly governed by the Civil Code (Art. 1611 to 1625). Article 1607 specifically limits recoverable damages to what is the “immediate and direct consequence” of the nonperformance. Article 1613 adds that in contractual matters, only damages foreseen or foreseeable at the time of the contract are recoverable. 

Therefore by definition in Quebec, “indirect” damages are excluded by law (and excluding “indirect” damages by contract is meaningless). But contrary to what common lawyers might then believe, this does not mean that common law “indirect/consequential” are out altogether. The focus under Article 1613 of the Civil Code is not on the characterization or labelling of the damages caused, but rather on causation and forseeability. As a result, all damages that are the direct and foreseeable will be compensated. If, for example, loss of profits and loss of opportunities can be proven to be a direct consequence of the defaulting act, they may be recoverable under the Civil Code, provided of course they are not specifically excluded by contract. If parties to a contract governed by the laws of Quebec wish to exclude indirect damages such as loss of profits and loss of opportunities, they should specifically state so using clear language. And it should be noted that standard common law exclusion of consequential damages provisions are usually drafted in a manner that is inefficient to exclude these in Quebec.

On the bright side of things, it should be noted that Quebec courts are typically quite rigorous when asked upon to award lost profit-like damages. For even in the absence of a contractual exclusion of lost profits, the only lost profits recoverable will be those proven to be the direct, immediate and foreseeable result of a breach. Nevertheless, good practices obviously dictate to include in every contract an appropriately crafted exclusion of lost-profit like damages. 

5. Conclusion 

Undertaking a complete review of the Civil Code’s impact on IT contracting would be a daunting task which would go far beyond the objectives of this blog. Just like several other jurisdictions, the laws of Quebec are often not adequately drafted to address issues and realities that are specific to the IT field. General legal regimes under the Civil Code may have unwanted and significant effects on IT contracting practices. When it comes to obtaining legal advice for IT issues in Quebec, the fail-proof method of selecting a restaurant in a foreign land is advisable… get a “local” to make the recommendations.

[I would like to thank my colleague Maxime Gagné for his invaluable contribution to this piece, especially given the frantic period of the year we are in now.]

I recently participated in a panel discussion called “Unbundled Work/Unbridled Success: Sourcing Canadian Legal Services Differently” at the Sixth Annual Canadian Bar Association Law Firm Leadership Conference. A significant portion of the conference covered legal process outsourcing (“LPO”). Professor Richard Susskind moderated the session on LPO. The conference was well attended by virtually all of the major law firms in Canada and the majority of the attendees were the managing partners of these firms. 

The conference was a personal highlight for me, for two reasons. Firstly, Richard Susskind was the moderator of the LPO session. Need I say more? For those of you who don’t know who Richard Susskind is; let me enlighten you. Susskind published The End of Lawyers? Rethinking the Nature of Legal Services in 2008; and in 1996, he published The Future of Law. Suffice it to say that Susskind has a very strong opinion about where the legal industry is going globally in the future. 

Susskind’s books predict significant new pressures on the legal marketplace and, as a result, great change in the legal industry. Susskind challenges lawyers by asking them to ask themselves what elements of their current workload could be undertaken more quickly, cheaply, and efficiently, or to a higher quality using new methods of working. He argues that the market will not tolerate expensive lawyers for tasks that can be better performed with modern systems and techniques; and he claims that the legal industry is being drawn towards the commoditisation of legal services, and by new and disruptive legal technologies. Is there a threat to local lawyers? According to Susskind, their jobs may be eroded; however at the same time, for entrepreneurial lawyers, Susskind foresees different law jobs emerging which may be highly rewarding, even if different from the law jobs of today.

My second highlight was that although there appears to be low awareness (in Canada) of what LPO is all about, many of the law firms attending the conference were not opposed to LPO. In fact, a number of lawyers openly expressed their view that LPO is likely to be a viable way forward for law firms to do “routine repetitive” work. Imagine that! It was refreshing to see law firms viewing LPO potentially as offering them a competitive advantage over competitors. 

On the M&A front, the market for LPO businesses is heating up. Infosys is reportedly looking to acquire an LPO business and Thomson Reuters recently announced that it has acquired Pangea3 (one of the early entrants to the US LPO business). The public markets and venture capital industry are clearly not interested in investing in law firms (as a business per se). That is clearly not the case for investment in LPOs. What does that tell you about the LPO business model? According to Mitch Kowalski’s Financial Post Legal Post Blog, law firms that do not have a well-thought business answer to LPOs may soon be “out of business.”

The nomenclature of a contract can subtly alter the relationship between the parties. The choice of particular words can create tension when exercising the provisions containing them simply because of how they sound, and what impression those words make in the mind of the reader. The legal effect can be identical, but a subtle psychological bias can be introduced by selecting loaded words as definitions or terms. This bias can be reinforced by using the notice provisions of the agreement to influence whether a notice is communicated, and how it is communicated.

Consider a scenario where a first party is required to perform, and a second party is to notify the first when its performance is not to the standards in the contract. In this scenario, the contract calls for a "deficiency notice" to be sent, and permits such notices to be sent by email. The connotations of the word "deficiency" are relatively innocuous. The word suggests that only a minor breach has occurred. It could be easily inferred that deficiencies will occur regularly, and the parties are encouraged to discuss them. The term does not, in and of itself, say anything about the parties themselves, only that one party’s performance is below standard in some respect. The word “deficiency” as a noun is not generally used to describe a person, so does not tend to invoke an emotional response in those that hear it. (In my mind, it is comical to describe someone as a “deficiency”, since it is so incongruous.)

Consider a second scenario, nearly identical to the first, except that instead of sending a "deficiency notice", the contract describes a "failure notice" for exactly the same circumstances. This “failure notice” has a prescribed form having particularly legalistic language. The “failure notice” must be sent according to a specific procedure for providing notice that is onerous. Perhaps the “failure notice” is addressed to a senior executive instead of a manager or project manager, and must be hand delivered. The connotations of a "failure notice" are harsh. The word “failure” can be used to describe both an event and a person, and therefore tends to invoke an emotional response in those that hear it. By providing a "failure notice", the second party is by implication branding the first a "failure", describing not only the first's performance, but implying something about the first party itself.

If the likelihood of a party not performing to contract is the same in both scenarios, the choice of language will have a meaningful impact on the relationship between the parties. In the first scenario, by choosing words that are benign and selected carefully to facilitate communication, the parties will enjoy a better relationship. Relationship managers and project managers living the contract day to day will feel comfortable sending deficiency notices by email, since doing so will be less likely to be perceived as an insult to the other party. In contrast to the first scenario, in second scenario, the contract creates an atmosphere of hostility and sets up the parties as adversaries. Those that are implementing the contract are required to send notices framed in aggressive language that sets the stage for dispute.

One approach is not necessarily better than the other. Since the choice of language will have a subtle but serious impact on the relationship, it should be chosen with the relationship of the parties in mind. There are some business arrangements that will lend themselves to a more intimate partnership, and some where a more distant relationship is appropriate.

Lawyers should carefully consider nomenclature when drafting a contract intended to govern a long term relationship. Long after the lawyers have left the scene, relationship managers and project managers from both parties have to live with the fallout of those word choices.

There is an old adage that goes: “a good arrangement between parties is one where the contract can be put away at the end of the negotiation and never looked at again.” And who can complain with the apparent wisdom of this adage? It implies that the parties are so sufficiently well aligned and cooperative that a written contract is merely a formality, and that any circumstances can be accommodated through rational and cooperative behavior. I’ve never met a businessperson who did not subscribe to this adage. And I myself never questioned its apparent wisdom until the past 24 months or so. I now believe that, while there may be transactions where this adage may continue to hold true, it makes little sense in outsourcing arrangements. Let me explain why.

The complexity of an outsourcing arrangement is in many senses unique. That is not to say that other corporate commercial arrangements an enterprise may enter into are not complex. However, an outsourcing transaction is unique in its impact on the enterprise’s internal processes. The way things were done prior to an outsourcing are often manifestly different than the way things are done subsequently. It is a truism to say that changing process is difficult to do. Accordingly, a “stay back” team conventionally helps an enterprise manage its way through these changes. These teams are often comprised of individuals who have deep project management expertise, and are in turn supported by IT and finance groups. Even if the stay back team starts out by managing the relationship in strict conformity to the agreement, over the term of the arrangement (which may span many years), the contract is typically referred to less and less. Instead, decisions on how to handle issues, which inevitably arise in the context of an outsourcing, are dealt with in real time by each party’s business personnel, often with little regard for the processes set up in the agreement. This fluidity to the parties’ relationship can lead to some significant issues.

First, the regimes set out in the outsourcing agreement, which are designed to provide protections for the customer, are not followed. By way of a recent example, a customer and its outsourcing vendor determined that a change was required as part of an outsourcing. The vendor proposed initiating the change as a new service outside the documented change control process, on the basis that it would be “faster”. The customer agreed; speed was desirable to it. Subsequently, there was a disagreement over amounts payable as part of the institution of the change. In the circumstances, the customer’s agreement to permit the change to be made outside the documented change process deprived it of: (i) agreed contractual provisions detailing the allocation of responsibility for costs in the context of changes; and (ii) dispute resolution mechanisms, culminating in mandatory baseball arbitration provisions (which in turn had been drawn up in reference to agreed principles). To the extent that the original negotiation resulted in processes and an allocation of risk that the customer had fought hard to win, moving off the negotiated agreement had the inadvertent effect of depriving the customer of those benefits.

Second, at a more ordinary-course level, the agreement can and should act much like a map through a dark forest. Inasmuch as an outsourcing may last many years, it is not unreasonable to imagine that the parties may well forget who is responsible for doing what, particularly where those responsibilities may change what had been ordinary course behavior for one of the parties. For instance, in one outsourcing, as year-end arose, the customer found it had a certain amount of money left over in its budget. Rather than fail to spend the whole of the budgeted money, the customer decided to acquire certain hardware to replace older equipment forming part of the infrastructure of the business it had earlier outsourced. The problem was that that hardware refresh obligation was the vendor’s, not the customer’s. The vendor had also acquired equipment for the same purpose. To further complicate matters, the customer had chosen equipment different than what the agreement had contemplated in certain material respects. This had the effect of creating unintentional additional costs for the vendor to maintain the equipment, and the vendor needed to be reimbursed for the equipment it had acquired but was unable to utilize elsewhere. So what started as an innocent step taken by the customer to save money resulted in a material cost increase as part of its outsourcing. This problem could easily have been avoided if the customer had but referred to the agreement.

Finally, the propensity for the parties to move “off piste” in terms of their contractual relationship creates a further problem. Relative to any particular issue or change, as parties compound decision upon decision, and act upon act, and in doing so, ever increasingly draw themselves away from the contract terms themselves, the problem that arises becomes one of contractual interpretation. If in these circumstances (which may involve activities between the parties unfolding over months or even years), one party raises its hand and indicates there’s been a breach by the other, and begins to desire to seek recourse, it can be exceedingly difficult to interpret the circumstances against the contractual provisions with any clarity or precision. In situations like this, real ambiguity can emerge as to whether there is recourse, and if so, to what extent. Can the existing contractual provisions be applied? Or, have the parties varied the agreement by their conduct, and if so, what are the present terms? Or, have the parties undertaken activities not contemplated by the original agreement and which are therefore not subject to its terms at all; and if so, what terms are relevant to the arrangements between the parties?

Increasingly, I have come to believe that it is an essential part of outsourcing governance “best practices” to include a lawyer or clerk whose responsibility it is to analyze all proposed changes from the perspective of the contract. Now, this approach assumes that there are provisions in the contract that are helpful to the customer and are accordingly worth adhering to. Assuming that’s the case, our experience in the past few years has been that even if this were someone’s full time job, the costs saved by having that person around to ensure adherence to the contract terms would typically far outweigh the costs associated with paying that person’s salary.

So, the next time you hear someone say, in the context of an outsourcing arrangement, that “a good arrangement between parties is one where the contract can be put away at the end of the negotiation and never looked at again” you may find you have a different perspective.

In his July 30, 2010 posting, Plus Ça Change, Dan Logan of Torys talked about the difficulty of addressing the implications of change as part of a long term outsourcing arrangement. Dan referred to the results of a recent Gartner Group survey that indicated:

• 55% of organizations have renegotiated their outsourcing agreement terms within the lifetime of the contract;
• 15% of the renegotiations occurred within the first year;
• 23% of the organizations did not expect to enter into the renegotiations; and
• nearly 8 in 10 outsourcings will go through renegotiations.

The Gartner Group survey identified one of the major issues leading to this level of contract renegotiation as a lack of sufficient flexibility in the outsourcing contract to accommodate the unforeseen changes. Dan’s July posting, and his follow-on posting on October 13, 2010, Managing Change in Contracts, used this point from the Gartner Group survey (the absence of the flexibility necessary to accommodate change) as the launch pad for an examination about anticipating and accommodating change in an outsourcing. They are worth the time to read and I don’t want to repeat or disagree with his analysis.

It is not just ineffective change processes or unanticipated issues that give rise to the necessity to renegotiate an outsourcing agreement. At least as frequently, the requirement to renegotiate an agreement stems from the failure to resolve issues at the operational level on a regular basis: the issues then fester, or the consequences of the failure to resolve an issue expand to infect the relationship, reaching the point where the unresolved issues overwhelm the ability of the normal governance processes to accommodate them. What I want to look at, in this posting, are three sets of circumstances that inhibit the ability of the parties to resolve issues effectively at the operational level and that, in my experience, have been significant factors leading to the renegotiation of an outsourcing agreement.

I. Lack of Continuity of Key Personnel

The lack of continuity of the key personnel of the service provider and customer can set up the conditions leading to a renegotiation. In an outsourcing transaction, relationship history and an ongoing commitment to the arrangement can be as much a factor in resolving issues as the contract wording itself. If the representatives of both parties have the same history, understand the compromises that were made on contentious issues and appreciate the points that were left unresolved, they have the opportunity to resolve issues more quickly, if for no other reason than that there will be a shorter learning curve. And if the key personnel are also committed to working on the transaction for an extended period of time, they are more likely to take a longer term view of the outsourcing relationship. The shorter learning curve and longer term perspective may more easily allow the two parties to resolve issues in the best interests of the outsourcing. 

Conversely, when the parties’ representatives do not have the history of the outsourcing relationship and are there only for the short term, they are more likely to approach issues on a standalone basis and seek a “win-lose” solution. As in a gun fight, there isn’t much motivation or inclination to compromise. Minor irritants that should be resolved as part of normal day-to-day operating or governance procedures quickly evolve to become major problems that are not easily dealt with as part of regular governance procedures and that can require a renegotiation or contract restructuring to resolve. 

There are clear benefits to the outsourcing transaction, therefore, if both the service provider and the customer commit to maintaining continuity in their key personnel. Unfortunately however, in most outsourcings, the commitments around key personnel are one-sided. Customers will typically include “Key Supplier Personnel” clauses in their agreements that require the service provider to identify its key management, technical and perhaps business personnel and that restrict the service provider’s ability to replace these personnel. Yet the outsourcing agreements that include any corresponding commitment on the part of the customer appear to be few and far between. This is to the detriment of the parties’ ability to resolve issues in the relationship.

II. Misalignment of Interests

Outsourcing relationships almost always impact more than just the customer and the service provider. For each party, there will be a coterie of other persons who are interested in or impacted by the outsourcing, e.g. for the customer, its stakeholders may include other business units within the customer, affiliated entities, clients or other contractors. If the parties do not deal with the interests of these stakeholders in the outsourcing agreement in an appropriate manner, they may be creating circumstances in which normal operational procedures are unable to deal with day-to-day issues and a renegotiation is the only option. 

 These circumstances are best illustrated by an example. Consider an application development agreement between a government entity and a private sector service provider. While one government ministry is the contracting party and responsible for the costs of the development, the resulting application will be used by, say, three other government ministries. In recognition of the critical interest that the three other government ministries have in the functionality of the application, the service provider agrees with its government ministry customer to establish an Executive Committee comprised of representatives of the three other government ministries and that the Executive Committee’s approval will be required at critical junctures in the application development, e.g. for approval of the functional and technical specifications.

In these circumstances, it may be extraordinarily difficult for the government customer and the service provider to resolve the issues that inevitably arise in an application development. The principal interest of the Executive Committee is the functionality of the application and this interest is not tempered by the practical concerns around costs that often motivate the parties to reach an equitable resolution.

While this is a hypothetical example, the underlying problem it is meant to illustrate is not. The customer and the service provider have created a situation in which the interests of the parties are misaligned and where the normal governance procedures may not be adequate or able to resolve the resulting issues.

III. The Dangling Change Process

It is customary for outsourcing contracts to include comprehensive change processes dealing with all varieties of change from minor production changes right up to mandatory changes that allow the customer, in urgent situations, to mandate implementation of a change. One of the purposes of the change processes is to allow the parties to deal with unanticipated change and avoid the necessity of renegotiating the agreement. In at least one respect however, most change processes fall short of this objective. 

The change processes normally require the service provider to submit a change proposal for the customer’s review and consideration within a specified period of time of the customer’s request or on the service provider’s own initiative. The customer then has a defined review period within which to accept the service provider’s change proposal, to reject it or to request that the change proposal be amended. It now appears to be the norm (arguably unlike the 1990’s) that where the customer does not accept the service provider’s change proposal within the applicable review period, the change proposal is deemed to be rejected.

That is usually the end of the matter as far as the change processes are concerned. They do not deal with the consequences of the customer’s failure to accept the service provider’s change proposal. And those consequences can be very severe, e.g. the idling of teams of software developers, significant delays in development or the failure to implement new systems in a timely fashion. These are just the sort of consequences that can easily lead to the necessity to renegotiate aspects of the outsourcing agreement.

The outsourcing agreement should include, as part of the change processes, specific procedures for dealing with change requests that are not accepted by the customer. It should no longer be sufficient just to say that the change proposal is deemed to be rejected. Instead, in the interests of dealing with issues as part of normal governance, the change processes should require immediate escalation within governance of: (i) any change proposal that is not addressed by the customer during the applicable review period; and (ii) change proposals that are identified by the service provider as “Essential” that are not accepted by the customer.

IV. Conclusion

The three sets of circumstances identified above were not suggested by any proper survey so they may lack the statistical validity of the Gartner Group results. Still, they identify issues, in addition to inadequate change management processes, that drive the parties into renegotiating their outsourcing and that should, therefore, be dealt with as part of the agreement.

Many outsourcing contract negotiations start with customer’s paper. While this may not necessarily be objectionable, both parties must understand and remember what the objectives of the deal are. The problem in using a party’s standard template agreement is that those standard clauses may have little relevance to the outsourcing deal. While some customers may believe it is always “better” to get the supplier to agree to “more favourable” terms and conditions in the contract, the reality is that the customer is always the one who ends up paying for such additions.

For example, it is not unusual to see extensive provisions in outsourcing contracts addressing audit rights. The problem is that those provisions are sometimes drafted by legal team who may have little understanding as to what their technical and management teams are expecting from the supplier. An example that I often see is that the customer’s legal representative always insists on a very broad audit right which would include a standard SAS-70 Type II report and a custom SAS-70 report on an annual basis. Since customers in an outsourcing relationship are more interested in “controlling” cost, they would ask suppliers to build those necessary costs into their cost model. SAS-70 audits are not cheap, and depending on the scope, it may very well be hundreds of thousands of dollars per report. While the cost of a custom SAS-70 would not be determined until the scope is determined at the time the audit is performed, the supplier may have to do a best estimate on what the potential cost will be and include the cost in the pricing. The issue is that if the customer is performing a custom SAS-70, chances are a standard SAS-70 audit report may not be needed. To ask for all the audit reports for no additional cost in the outsourcing contract means supplier will have to factor in those costs in building the cost model. This means that the customer may be paying for something it does not need.

Another example is to ask for extensive performance measurements and corresponding service level credits for failing to achieve the performance targets. Customers sometimes may be under an impression that it is better to ask for performance measurements that cover a broad range of activities. To monitor every aspect of performance not only increases the cost of managing the project, but also require the supplier to build additional cost into its cost model as a contingency for having to pay service level credits. The measurement should be focusing on the ones that would have significant impact on the customer’s operation if supplier fails to perform, because a certain percentage of the service level credits the supplier is asked to pay will be included as part of the service fee. Once again, customer should not be asking for something it does not need. 

We need to understand what the objective of the outsourcing deal is, what the solution is, and what the needs of the parties are. There will need to be collaboration among cross-functional teams in any outsourcing contract negotiation. The business and technical requirements will need to be translated into the legal contract. We need to step back and consider whether it is something that the client really needs and whether the deal supports our position. Don’t forget there is no such thing as a free lunch. Supplier always charges the customer for what they ask. Clients do not want to pay for something that ends up being a waste and they certainly do not want to prolong contract negotiation on issues that are not even relevant.

This is the second of three contributions focusing on certain peculiarities of Quebec’s civil law legal environment within North America (Part I can be found here).

While outsourcing and sophisticated professional IT services agreements typically deal with quality and performance issues through mechanisms such as service levels, penalties and credits, warranties and other related concepts, one will occasionally come across a client request to have the vendor commit to using “best efforts” to achieve a certain desired result. Vendors typically bark at this as they fear that such a commitment might be open-ended and require the deployment of resources and efforts beyond what would be reasonable in light of the contract’s value.

In a recent file, a large – and sophisticated – Quebec-based customer was insisting that my client agree to commit to use “best efforts” to meet certain project deadlines. As the draft agreement was heavily drafted in favour of the customer already – and obviously did not feature any vendor-friendly “savings” clause – no one on our side of the table was thrilled at the idea of agreeing to the client’s request. While I had general knowledge of the typical challenges raised by the concept of “best efforts” at common law, I had (strangely) never looked at the issue in my own civil law jurisdiction. To some degree of surprise, what I then discovered was far from the apocalyptic scenarios typically invoked in reference to “best efforts” …

To start with, one needs to understand that obligations (or covenants) in civil law are generally classified in three categories depending on their intensity: obligations of means, obligations of result and obligations of warranty.

Obligations of means only require a debtor to act prudently and diligently and to use all reasonable means so as to endeavour to achieve a certain result. No result is guaranteed, however. Examples of this include where one hires an artist to do a painting, a doctor for treatment, an employee for a certain job, or even – but only in certain cases – a service provider to design, implement or integrate a system. The (primary) interesting consequence – from a vendor’s standpoint – of having an obligation classified as an obligation of means is that the debtor will be deemed to have duly and fully performed its obligation as long as it can show that it acted prudently and diligently and used all reasonable means so as to endeavour to achieve the intended result, regardless of whether or not the result was actually achieved after all. Needless to say, customers are typically not found of obligations of means (that being said, through mechanisms such as specifications-focused warranties, exclusive remedies and SLAs, most sophisticated IT contracts practically end up favourably putting the vendor in an “obligation of means” position when compared to the customer’s initially intended business objective).

Obligations of result, to the contrary and as their name rightfully suggests, require a debtor to actually achieve the bargained for result except only where the debtor can rightfully invoke a force majeure or the creditor’s fault to be excused. But, other than force majeure scenarios or for the fault of the creditor, the debtor must achieve the intended result, regardless of the amount of effort required. Most contractual obligations actually fit in this category (including – in most cases and for this crowd’s particular interests – a service provider’s obligation to design, implement or integrate a system).

Lastly, obligations of warranty represent the most stringent category. Here, force majeure is not even a defence. Only the creditor’s fault could serve to excuse a debtor’s failure to achieve the contracted for result!

Curiously, when we reviewed the issue at the time, we found very little case law – let a lone any elaborated case law – discussing “best efforts” under Quebec law. The few cases identified in Quebec and touching upon this concept generally took the view that this concept could be seen as requiring the debtor of an obligation of means to use somewhat greater efforts than is generally required at law, but without going so far as requiring it to use “unreasonable” means in doing so. Given the fact that – as is most generally recognized – most contractual obligations are obligations of result anyway, this analysis suggested two very positive consequences for debtors (or vendors, in our case). First, by qualifying an obligation with a requirement to use “best efforts” one is probably impliedly labelling it as an obligation of means, not an obligation of result. Second, having to use “best efforts” probably doesn’t require a debtor to use “unreasonable” or exaggerated” means to endeavour to achieve an intended result. 

Back to our file – and with the above in mind – the large Quebec customer and the vendor were eventually able to agree on the following definition of “best efforts” in the contract:

“Best Efforts” means all required reasonable efforts that a prudent and diligent party must use to meet its obligations under this Agreement but without warranty to the other party that any result will actually be achieved”

So next time you hear a vendor barking at the possibility of having an agreement governed by Quebec law, make sure it uses its “best efforts” to consider all implications first … 

I recently read an interesting article called “For LPO clients, small is beautiful”. What makes it interesting is it highlights the valuable role of “smaller” LPOs. 

The survey supports the view that global companies outsourcing legal work seem to prefer doing business with smaller companies. The survey conducted across 6,547 clients globally shows that smaller vendors, including LPO vendors are satisfying more clients and to a greater degree compared to their larger counterparts. The survey was conducted by the Black Book of Outsourcing in 2010. 

UK-based Datamonitor’s Research Director, Eamonn Kennedy, said in a press statement, "Although feedback on the big names, such as IBM and HP, has been generally positive, the companies that have excelled and delighted, through the services they provide, have been smaller players." 

The client survey covered all outsourcing fields, including legal process outsourcing (LPO). Kennedy was quoted as saying "Smaller outsourcing providers ….. have been pushing their specialist knowledge and deep client understanding as their unique selling point for some time now, claiming that specialists provide a better service. While all outsourcers talk up their ability to specialize, this survey suggests that ……. relatively small players are best positioned to deliver on that promise." 

Also on the UK front, the UK's Managing Partner magazine, in an article titled "Uncorking the Genie," reports that there is a "clamour around legal process outsourcing (LPO)," as law firms "are finding the intensity of competition in the marketplace increasing at a frightening pace," causing management teams to look at offshore legal outsourcing, as they "search hard for competitive advantage":

In Canada, there is increasing discussion, debate and interest in LPO. I recently participated in a panel discussion called “Budget-busting in 2010”. The panel was hosted by the Corporate Secretary THINK TANK. Although LPO was not the only topic covered, I can assure you that LPO was a dominant part of the discussions. Still in Canada, the Sixth Annual Canadian Bar Association Law Firm Leadership Conference (on November 22^nd and 23^rd) is moving ahead full steam. The conference features Professor Richard Susskind in a session on “Unbundled Work/Unbridled Success: Sourcing Canadian Legal Services Differently.” This promises to be a lively debate about LPO in Canada and around the globe and will address how law firms and clients are sourcing work differently. 

Attention forum shoppers! Your governing law clause could buy you a lot more than you bargained for

There are many good reasons to “forum shop” when choosing the governing law of an outsourcing contract. Proximity to the place of performance and comfort with the commercial sophistication of the selected jurisdiction are two. In a ruling relating to a franchisee class action, the Ontario Court of Appeal has recently added another (maybe not so “good”) reason to the list: the possibility that the jurisdiction’s general body of statute law may apply to operations outside the jurisdiction even if you have not specifically named any statutes in your agreement – and even where the statutes being applied disclaim application outside their jurisdiction.

In 405341 Ontario Limited v. Midas Canada Inc., the court considered, inter alia, whether an Ontario choice of law clause in a franchise agreement resulted in the application of Ontario’s franchise legislation, the Arthur Wishart Act (the “Act”), to the franchise relationship. Section 2(1) of the Act specifically states that it applies “if the business operated by the franchisee under the franchise agreement or its renewal or extension is to be operated partly or wholly in Ontario.” The question before the Court was whether the Act should apply to franchises operating outside of Ontario as a result of the parties having chosen Ontario law to govern the contract.

The Court of Appeal affirmed the motion judge’s ruling that, by choosing Ontario law as the governing law, the parties imported the obligations under the Act but not the jurisdictional limit contained within the Act.

The franchise agreement at issue contained the following choice of law provision:

Controlling Law: This Agreement, including all matters relating to the validity, construction, performance, and enforcement thereof, shall be governed by the laws of the Province of Ontario.

In finding that the Act applied to the franchisees located outside of Ontario despite the territorial limitation, the motion judge stated:

I believe the most reasonable inference is that, by agreeing that the laws of Ontario are to govern the validity, construction, performance and enforcement of a franchise agreement applicable to franchises operating in another province, the intention of the parties was that their rights and obligations – including the reciprocal and inviolable rights and duties of fair dealing – are to be the same as if the business of the franchise was operated in Ontario. The territorial limitations in section 2 of the AWA have, in my opinion, no more effect for this purpose than that of the general presumption that statues are not 'intended to apply extraterritorially to persons, things or events outside the boundaries of the enacting jurisdiction'.

The Court of Appeal agreed with the motion judge’s ruling without specifically addressing the territorial limitation contained in the Act. Instead, the appellate court merely elaborated on the tendency for contemporary commercial contracts to contain a choice of law clause that “bears no relationship with where the contract is to be carried out.”

Many outsourcing agreements involving Canadian-based customers are governed by the laws of Ontario. Prior to this decision, I would have thought that the Ontario governing law clause would only import Ontario law that is specifically part of the province’s law of contract. For example, a contract governed by Ontario law clearly could not be interpreted without reference to Ontario’s Statute of Frauds, so a governing law clause would have to include the Statute of Frauds. I would not have thought that a choice of law clause would result in the automatic application of other legislation – especially not legislation that, on its terms, would not apply due to jurisdictional limitations contained within the legislation.

Most Ontario laws, from the Accessibility for Ontarians with Disabilities Act, 2005 to the Workplace Safety and Insurance Act, 1997, contain jurisdictional limits on their application, for example, to persons with disabilities or workplaces located within Ontario. While the obligations within these (or any other) pieces of legislation can be contractually adopted by parties, this would generally be effected by specifically incorporating the legislation by reference. Before Midas came along, one would have thought the absence of any such specific reference to the Act, coupled with the jurisdictional limits contained within the legislation itself, would preclude its automatic application to a relationship that falls outside those limits, despite the parties having chosen Ontario law as the governing law.

The concern arising from this decision does not only apply to contracts which are governed by Ontario law, but to any contract which is the subject of judicial interpretation in Ontario. If an outsourcing agreement is governed by the laws of New York but litigated in Ontario, Ontario courts may import, solely by virtue of the governing law clause, laws of New York which the parties had not initially intended to incorporate into the contractual relationship.

In light of this decision, and the many pieces of legislation that could apply to long term outsourcing arrangements, parties to an outsourcing arrangement (or any contractual relationship) should carefully review their choice of clause to ensure that local laws, other than foundational contract laws, are not inadvertently imported. It may not be sufficient to rely on the internal jurisdictional limits contained in Ontario (or other) legislation to avoid their application. In addition, when choosing language intended to preclude the application of conflicts of law principles, be cognizant of the implications of language implying that a court should view the performance of the contract as occurring within a specified jurisdiction.

Linking Service Descriptions to the Economic Model

It is trite to say that in any outsourcing transaction, the service description is critical to the deal. The services are, after all, the essence of the outsourcing regardless of the impetus for doing the outsourcing in the first place (such as cost reduction, technology improvement, business transformation, and so on). The service descriptions are used to establish the framework for the economic model and the base fees that will have to be paid by the business owner. These service descriptions are key for establishing what the service provider must do for the base fees and can be critical to determining the scope of what’s in and what’s out. Anything that is out of scope is likely an “extra” both in terms of the services to be provided and fees to be paid. As a result, it is critical that the parties have a mutual understanding of how the service descriptions will work with the economic model, what is included in the base fees, and when the service provider can charge for the so called “extras”. This is where the service descriptions can be tricky, and where their alignment to the economic model should be clearly understood and agreed to by both parties to the outsourcing. 

How the services are described, and how they are linked into the economic model, can be germane to the success of the outsourcing. While this may seem like a basic principle for any outsourcing, it can be difficult to put into practice and is often the topic of great debate between business owners and service providers after the contract is signed.

Activity & Function Based Service Descriptions

Many service descriptions are articulated as inputs to the outsourcing, appearing as a long list of functions and activities that must be undertaken by the service provider, which are described with various levels of detail. This method of describing the services has its pros and cons for both parties, but for different reasons. 

For the business owner, there is a certain appeal because it provides a high level of certainty regarding the nature of the services being provided, and perhaps a stronger feeling of control over the business being outsourced. The importance of this sense of control should not be underestimated, particularly at the beginning of the relationship before any trust is established between the parties. That said, there are downsides to this prescriptive manner of describing the services. First, if an activity or function is missed in the service description (and there will usually be a few of these), then it may be viewed as an “extra” by the service provider, warranting an additional charge over and above the base fees. This is typically addressed by the inclusion of language to the effect that functions and activities not specifically indentified which are incidental to the delivery of the services are necessarily included. Unfortunately, this will only provide so much protection to the business owner, as there will invariably be a point where the parties disagree on the unspecified functions and activities that are incidental to the performance of the services. It may also come down to whether or not these unspecified functions and activities were actually costed into the economic model by the service provider. 

This approach to the prescriptive description of the services is often tied to a transactional based or cost-plus economic model, where the business owner assumes most of the pricing risk (as fees are typically based upon the transactions, activities and functions performed, instead of their efficiencies and outcomes). For some outsourcings, this may be preferable depending upon the nature of the outsourced business, but for others, it could hamper the realization of the outsourcing’s objectives.

For the service provider, this prescriptive form of service description may clarify what is in and what is out of the base fees, but it can also border on telling the service provider exactly how to perform the services (this comes as a by-product of the detailed description of the functions and activities that comprise the services). Service providers are often asked to do more with less, and their ability to do so can be seriously hampered if they are being told “how” to deliver the services, as opposed to “what” to deliver. The detailed articulation of activities and functions can also be used by business owners to micro-manage service providers. This can be disastrous to both the outsourcing and the relationship of the parties. 

If the outsourcing includes any business transformation (which would be typical for most outsourcings), then the prescriptive manner of describing the services may result in unintended consequences. For example, as the business transformation is implemented, the service description will quickly becomes obsolete. Depending upon how the services are linked to the economic model and the fees to be paid, the parties could end-up in a fee dispute with one party wanting a fee reduction for specific activities and functions no longer being performed, and the other wanting a fee increase for the transformed service delivery not contemplated in the service description. The prescriptive approach to describing the services could also interfere with the service provider’s ability to transform the business, or realize the savings necessary to enable the service provider to do more with less. Hard-wiring the detailed activities and functions in the service description can also force the service provider to provide the services the same way that they were done before, jeopardizing some of the goals and objectives of the outsourcing, and making it difficult for the deal to realize its potential. This could ultimately become problematic for both parties and may lead to a renegotiation of large portions of the outsourcing early on (which is not uncommon to see in the first 18 to 24 months of an outsourcing deal). 

This prescriptive approach to describing the services does not always accommodate business transformation. Whatever the activity or functions, and however they are described, chances are that they will be fundamentally different a few years after signing the deal if business transformation is included as part of the outsourcing. Even if business transformation is not specifically contemplated, use of technology advancements in the ordinary course of business will likely result in some of the service activities and functions becoming obsolete over time. How these changes will be accommodated in the service description and the economic model should be discussed at the outset and well understood by both parties. 

Outcomes-based Approach

At the other extreme is the pure outcomes-based approach to describing the services to be performed in the outsourcing. The theory behind an outcomes based approach is that the service provider must deliver the outcome or business result, in whatever manner the service provider determines. This approach requires a clear articulation of the outcomes that the service provider is to achieve. While theoretically attractive, this approach is easier said than done. To be effective, the outcomes must align with the objectives of the business owner, be measurable, achievable, and within the sphere of control or influence of the service provider. The outcomes-based approach does not specify the ‘how”, but goes straight to the end-result, it focuses on the “what”. The outcomes themselves must be sufficient to support the service delivery requirements of the business owner. In addition, the business owner must be comfortable relying upon just the outcome itself, and for that reason, defining the outcomes can also be challenge. 

The outcomes-based approach requires a tremendous amount of trust in the service provider, and a significant letting go by the business owner. This “letting go” can be difficult for business owners as the outcomes-based approach often lacks transparency into how the services are being performed. The level of trust required between the parties for an outcomes-based approach to succeed develops over time, as the parties work closely together, but it is rarely there at the outset of an outsourcing deal.

The outcomes-based approach to describing services represents a shift of risk from the business owner to the service provider who is essentially delivering on results, or outcomes, as opposed to merely performing specified functions and activities. This can be attractive to service providers as it affords them the flexibility to determine the method and manner in which the services will be delivered, and can work to both parties advantage as long as the service provider is able to control the outcomes. The outcomes-based approach may come at a premium given the shift of risk from the business owner to the service provider. However, if the agreed outcomes are delivered, then the premiums paid for the services should be more than off-set by the value of the delivered outcomes to the business owner. 

Hybrid Model

Moving to a true outcomes-based approach to outsourcing is difficult to do in practice. As a result, there is sometimes a tendency to adopt a hybrid model that combines elements of the outcomes-based approach with the detailed and prescriptive service delivery descriptions. The hybrid approach may also use outcomes for only specified portions of the outsourcing, and detailed service descriptions for others. The hybrid approach can be effective as long as it is appropriately tied to the economic model in a way that will incent the appropriate behaviour by both parties, and provide some measure of certainty as to what is in and what is out of the base fees.

Conclusion

Whatever method is used for describing the services, whether it is a detailed activity and function based approach, an outcomes-based approach, or a combination of the two, it is critical that the service description be appropriately tied to the economic model. The potential scope of the “extras” should be clearly understood and agreed to by both parties. The manner of service delivery change during the life of the deal, and any resulting fee changes, should also be contemplated and agreed to in advance, and accommodated in both the service description and the economic model. 

In the previous post, I looked at a Gartner Group survey, which found that one of the biggest issues resulting in contracts being prematurely renegotiated was that they lacked the flexibility to handle unforeseen changes. This is the second in a series of posts examining some of the ways in which outsourcing agreements can be structured to accommodate change over the life of the contract. In my last article, I looked at contractual mechanisms designed to accommodate unanticipated M&A activity. In this article, I look at mechanisms designed to address the financial responsibility for future changes. 

(i) Allocating Financial Responsibility in Advance

Over the course of an outsourcing agreement, required changes may affect the delivery of services under the outsourcing contract or either party’s related costs. Since these changes can result in additional or decreased costs, the time spent on deciding which party should bear those costs or benefit from a cost reduction can delay the timely implementation of required changes. It is in the best interests of both parties to avoid this problem, which can be accomplished by addressing the allocation of financial responsibility for such changes upfront, at the time the contract is entered into. The typical stumbling block in resolving this point is that the parties do not know the exact nature of these changes in advance. However, a way forward can be found if they anticipate and account for financial responsibility according to certain categories of potential changes.

(ii) Determining Financial Responsibility According to Categories

Broadly speaking, there are two categories that should be considered: (a) changes that will be implemented by the vendor for no charge; and (b) changes that will be implemented by the vendor for a charge. The agreement should cover both kinds. 

While every transaction is different, there are many examples of changes that typically fall within the first category. For instance, changes that must be made in order for a vendor to comply with applicable law may be borne by the vendor without charge to the customer, and accordingly would fall within the first category. The parties may identify other examples applicable to this category. For the reasons referred to above, it is a best practice for the agreement to include the allocation of financial responsibility for this category. 

The second category can, in turn, be divided into two subcategories: (a) changes that affect the particular customer as well as other customers of the vendor; and (b) changes that affect only that customer. 

In the first subcategory, if there are changes that are required by some but not all of the vendor’s customers and that do not fit within the category of changes that the vendor is required to implement without charge to the customer, one way of allocating financial responsibility would be for the customer to be responsible for the charge, but on a pro rata basis. The logical point being addressed in this instance is that the vendor will be required to make the change for each customer affected, but should not charge each one individually the full cost of implementing the change. Instead, it is divided equally between all such customers. The existence of this subcategory, and its relevance to any particular outsourcing, assumes that the vendor’s infrastructure used to deliver the services to the customer is being shared and used for other customers.

Finally, the second subcategory functions as a basket that catches every other kind of change. These are changes required by the customer that do not fall into either of the two preceding categories, and the financial responsibility for which should be fully borne by the customer.

By accounting for changes in this way ahead of time, a long-term outsourcing agreement can accommodate changes through embedded contractual terms that are designed to provide flexibility and financial predictability, even if the particular changes themselves can’t be foreseen. 

Outsourcing deals usually involve very intense and lengthy negotiation between supplier and customer team members. They spend months or year(s) together in planning, drafting and negotiating the agreement before the deal gets implemented or executed. There are at least two review processes that should take place shortly after an outsourcing deal is finalized. The first one is the contract handover process which provides an opportunity for the deal team to pass on the knowledge to the delivery and implementation team so that they can run with the project. The second review is the deal review or lesson learned session to make sure that organization can build on the experience gained from each deal and add it to the institutional knowledge. While many organizations perform contract review or handover process after the deal is finalized, organizations always miss the opportunity to capitalize the knowledge the team gained from each deal.

Invaluable lessons can be gained at each stage of the deal. For example, there may be suggestions on how the internal process could be improved to support future deals and to minimize bottleneck. The review could lead to improvements on internal approval process, resource engagement process, communication strategy, alignment with industry practice on key issues, and better understanding of its own requirements as well as the other side’s requirements. The discussion may also reinforce the importance of conducting proper due diligence which can minimize the need of the parties to engage in a very expensive re-solutioning process post-contract signing.

The review should include not only things that the organization could improve on, but also things that worked well. While most likely the lessons learned by individual team members will be reflected in the way each team member will handle the next outsourcing deal, it is also important for organizations to formalize the lesson learned process so that the knowledge can stay at the institutional level.

It is important to conduct the review shortly after the project is completed when the deal is still fresh in everyone’s mind. After gathering the thoughts from various team members, it will be useful to follow up on those ideas and examine the ones which warrant further review. While many people would agree on the usefulness of conducting lessons learned session, the reality is that as soon as a deal is completed, the deal team members are usually dispersed to pursue other projects. Deal review sessions may not necessarily be conducted as often as we would expect due to limited resources. Where resources permit, organizations could consider expanding the lesson learned process to include regular deal review. It will be beneficial to perform a root cause analysis on deals that have failed to achieve the intended objectives. By performing a root cause analysis, organizations may realize that those deals have a common theme. Identifying those areas can minimize costly repeated mistakes and increase efficiency. For example, the analysis may reveal a poorly performed due diligence or a poorly defined statement of requirement. Organization may proactively minimize similar problem by offering training or by adjusting the composition of the deal team. Conducting deal review can expand cross-team learning and assist organizations to identify areas where it could continuously improve. 

I was speaking with a colleague recently regarding whether mediation was a valuable tool in outsourcings, and if so, under what circumstances. We came to the conclusion that it is an appropriate tool for some outsourcings, but not all. 

It is inevitable in any outsourcing or large managed services arrangement that disputes will arise. Disputes arise for a myriad of reasons, ranging from a failure of the parties to appreciate and agree on fundamental business terms, such as differences of opinion on specifications or deliverables, to perhaps the more mundane question of whether a notice required by the agreement was given properly. Since these arrangements last for relatively long periods of time, preserving the relationship between the parties is very important for the outsourcing to be a success. 

In outsourcing agreements, the parties typically spend a fair amount of effort drawing up complex governance procedures, which include various committees, meeting schedules, roles and responsibilities, and, most germane to this discussion, a method for addressing disputes. The point of the committees, meetings, etc. is to ensure that there are plenty of opportunities for the parties to communicate. Good communication reduces the chances that small problems become big problems. (How to get the parties to actually follow the governance procedures is an entirely separate problem for another article.) 

In my experience, the dispute resolution procedures in these large contracts boil down to two basic steps: escalation and litigation.

Escalation generally involves referring the unresolved problem to successively higher levels of governance after set periods of time have elapsed. In theory, by escalating the problem to more senior levels of each party’s organization, the more senior members, being relatively more empowered within their respective organizations, are able to overcome the problem through the use of their power. In practice, the escalation process may simply entrench the parties in their respective positions. 

In the litigation step, in which I would include any binding adversarial process like arbitration, the parties are faced with an expensive and time consuming process that distracts the parties from the core business of the outsourcing. 

In my view, the fundamental problem with this process is that it takes the two parties and gradually forces them apart. At each step in the escalation process, and certainly by the time the parties reach litigation, the process naturally reinforces each party’s respective positions. The relationship between the parties can become strained, which further exacerbates this problem. This appears to become especially the case when the escalation is rapid or the stakes are particularly high, as the parties have not had an opportunity to cool off and gain some perspective on the dispute. 

My colleague and I concluded that under these particular circumstances, it would be helpful to insert a mediation or facilitated negotiation process between the escalation step and the litigation step. The principal benefit of mediation would be the introduction of a true neutral participant. A neutral having independence from either party and perspective on the dispute could shake the parties loose from their entrenchment and get them thinking creatively. Another benefit is that the mediation process is designed to bring the parties closer together, not to drive them apart, and therefore is more likely to preserve the relationship between the parties. 

For example, in the “build” or implementation phase of an outsourcing, timelines are short and there is a great deal of pressure on the parties to perform. A mediation step can inject some breathing room and fresh thinking, and resolve the dispute much more quickly than litigation ever could. Since the quick resolution of disputes are essential to a project’s success, mediation would be a valuable step in the process to save time and keep a project on track. 

In an ongoing services outsourcing, which has relatively long escalation timelines and a well established relationship, the benefits of mediation are not as clear. In this type of outsourcing, by the time a dispute has been completely escalated through the governance process, the parties have had plenty of opportunities to negotiate a solution, and are now looking for someone to render a decision so that they can move on. A mediation step introduced at that stage may only delay that decision and frustrate the process. 

I invite readers to share any experiences that they have had with mediation in the context of outsourcings, and particularly to comment on those factors that led to its success or failure.