Adopt contractual provisions that reflect best international risk management practice, involving a balance between customer-friendly provisions and the need to reduce the chances that any one contract might affect the ability of the supplier... MR ALAN HAWLEY, COMMERCIAL LAWYER, RICHARDS BUTLER LLP, UK.
MR ALAN HAWLEY, commercial lawyer at the UK-based law firm Richards Butler LLP.
Towards the end of November, Deloitte announced the results of a survey about what the UK public feels about offshoring. Nearly four out of five people didn't want jobs to go overseas. "Just 4 per cent of the respondents support the continuation of offshoring and almost one in three (32 per cent) believe UK companies should be forced to bring jobs back to the UK," reads the release dated November 28 on www.deloitte.com.
As if in contrast, only two days earlier, an article titled `High taxes `forcing companies overseas'' on www.ft.com had informed that 19 top British companies had moved parts of their operations overseas in the past two years and that five top companies were contemplating shifting their headquarters abroad in the near future. In this context, Business Line contacted Mr Alan Hawley, a commercial lawyer at the UK-based law firm Richards Butler LLP for inputs on factors that a UK company considers when framing contracts for offshoring its operations.
Mr Hawley specialises in international supply of goods and services, more particularly, information technology (IT), e-business, digital media and data privacy. He has acted for a major Indian outsourcing company in connection with a number of contracts for the supply of outsourced IT services to customers in the UK, and has also advised the UK and West Asian clients on their contracts with Indian IT companies.
"Probably the most important factor which UK companies look for when reviewing contracts with offshore suppliers is that the contract should be as similar as possible to the contract which they would expect to sign with a UK or EU (European Union) company. This is particularly the case if the customer invites a tender on the basis of a contract already drafted by its own legal advisers, as often happens on larger projects," begins Mr Hawley. Here are his views on a few questions.
Will there be no obvious differences to indicate that the contract is an onshore or offshore one?
Since the supplier could be either onshore or offshore, there will be very little in the contract that will be directed specifically towards an offshore IT supplier. Indeed, the contract will often be concluded between the UK customer and the UK subsidiary of the offshore IT supplier. Sometimes this structure is unattractive to the UK customer, in particular if the Indian IT subsidiary in the UK is not a substantial company. Possible solutions to this issue are a guarantee from the more substantial Indian parent company, or that the Indian company enters into the main contract and subcontracts certain elements to the UK subsidiary.
Shouldn't the offshore dimension be factored in the contract?
It remains the case that many UK organisations have not seriously considered offshoring, and when inviting bids would expect there to be no difference between an onshore contract and an offshore contract. Offshore suppliers will wish to gain a competitive advantage by offering customer-friendly contracts. So the ideal situation for the UK customer is that the offshore dimension should not affect the drafting of the contract. It is in the interests of Indian IT outsourcing suppliers to collect evidence to show that the offshore nature of the deal will be invisible to the customer, and this applies to the legal agreement as well.
Factors that drive offshoring and outsourcing aren't the same.
Yes, the decision to go offshore of course involves factors that are different to those affecting the decision to outsource in the first place, but some of the factors are similar, and these factors are reflected in similar contracts. Lower costs are usually the inducement in any outsourcing situation. Where the outsourcing remains in the UK, the lower costs come from the fact that the supplier is to some extent mass-producing the same or similar service for a whole portfolio of clients, which service is its core business. The savings are of course increased if all or part of the service is outsourced to a relatively low cost jurisdiction such as India. In both cases, there will be contractual provisions aimed at promoting the lowering of costs, such as various degrees of transparency in pricing, benchmarking, and most favoured customer obligations.
The customer's IT function has also to contend with loss of independence and control.
This can be a particular challenge in high-tech areas where digital technology is particularly important, such as broadcasting and new media. But the same situation applies whether the outsourcing is onshore or offshore. Imaginative approaches to the ownership and cross-licensing of intellectual property may be necessary in both kinds of contract, along with provisions dealing with knowledge transfer.
One keeps hearing about security risks when it comes to outsourcing.
It is debatable whether or not the risk is additional to those that exist if a service is provided in-house, or those that exist with an onshore service as opposed to an offshore service. One would expect a specialist IT outsourcing company to have greater expertise in the security area than an in-house IT department. Security problems in India have received widespread publicity over a lengthy period, but it is not at all clear from the UK perspective whether or not overseas jurisdictions pose particular additional security problems. As we all know, security breaches are regularly reported in jurisdictions such as the UK or the US.
What does a typical IT outsourcing agreement contain?
In general, and regardless of the country of origin of the supplier, the UK customer will expect a bulky IT outsourcing agreement with numerous schedules, including schedules covering such matters as entrance and exit transitional services, asset transfer, baseline schedules, service level addenda, service credit schemes, extensive warranties, and obligations to refresh technology. In my experience, Indian IT suppliers are often more prepared to offer this sort of full and detailed contractual protection than many UK suppliers. Offshore elements in IT contracts can be obscured by a variety of legal structures.
Take the classic offshore situation, where an Indian company undertakes software development work. The UK customer might look for some additional protection for example, by insisting that the latest version of the developed software is sent from India to the UK on a regular basis in case the offshore supplier encounters financial difficulty. However, this is good practice regardless of the cross-jurisdictional element.
Why do offshoring efforts fail, at times?
Some companies continue to make the same mistakes when they offshore work as when they outsource in the UK. The most common mistakes are a failure to allocate enough resource, a failure to give the project enough status within the customer organisation, a lack of input from consultants, including a lack of control over change management, and finally a lack of recognition of the culture with which the customer is dealing. The latter can of course be a more significant feature when offshoring to another jurisdiction and culture, particularly in the context of call centres, but it is by no means unknown in IT outsourcing within the UK.
Can there be situations when a contractor bites off more than he can chew?
There have been instances when Indian outsourcing companies were prepared to accept quite onerous contractual obligations in order to win high value business within Europe. However, this policy is not always successful. Recently a UK company rejected a bid from an Indian IT outsourcing company because the liability which the supplier indicated it was prepared to assume showed a lack of any real sense of risk management. It doubted whether any company that would accept such high limits of liability would remain in business for very long.
What can be the ideal strategy for offshore IT suppliers?
The best strategy for offshore IT suppliers is to adopt contractual provisions which reflect best international risk management practice, involving a balance between customer-friendly provisions necessary to win a particular contract, and the need to reduce the chances that any one contract might affect the ability of the supplier to discharge long-term obligations to the rest of its customer base.
What is the trend in the UK?
A significant number of UK companies have used their usual service provider to access offshore services, since many of the major outsourcing companies have their own captive Indian service locations, which provide various services such as software development on an offshore basis. This may be invisible to the customer. On the other hand, other end-users have also established their own offshore facility, which underlines the fact that offshoring is not confined to outsourcing. The captive offshore entity may in turn outsource some of its services to an independent offshore IT supplier. In fact, the number of companies that use an offshore provider pursuant to a traditional cross-border contract appears to be quite low.
Outsourcing considerations go beyond cost, don't they?
True, costs are not the only factor in outsourcing. The customer will be seeking greater flexibility of solutions due to the IT suppliers' larger portfolio of clients and technical situations. He will expect higher standards and new technology if he is contracting with a world leader in the IT field such as EDS. He will expect better technical skills than he would receive in-house because the IT staff will now be working for a specialist IT organisation which has available a wider range of skills and which can, in theory, attract better quality staff because it can offer them better career prospects.
The customer will wish to see detailed service level addenda, service credit schemes, and devices such as step-in rights to give extra leverage in a poor performance situation. Such provisions would be found in both onshore and offshore contracts.
Data privacy issue assumes significance when offshoring.
The one key difference between an onshore IT supply contract and an offshore agreement will be the clauses dealing with data privacy. Some legal requirements with regard to data privacy relate to all contracts involving the processing of personal data by a third party. EU regulations require that a controller of personal data must choose an outsourced data processor, which is able to provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and to take reasonable steps to ensure compliance with those measures. In particular, the data processing agreement must be in writing, and the data processor must agree to process personal data solely in accordance with the customer data controller's instructions, and also comply with the security provisions of the EU privacy directive as though it were a data controller.
Does the cross-border flow of data pose a hurdle to offshoring?
In offshore outsourcing, the parties need to deal with the veto on the export of personal data from countries in the European Economic Area to countries which do not have a statutory framework for data privacy protection that offers standards comparable to the EU regime. As far as I have seen, this has never been a problem with regard to Indian outsourcing agreements, the solution being to put in place a suitable cross-border data flow agreement in one of the formats approved by the European Commission.
The Indian IT supplier must of course implement adequate data security, both in transit and on arrival, but that is something which any IT outsourcing company will need to do. The main thrust of the data export agreements, whether to another data controller or to an outsourced data processor, is that the offshore recipient must agree on a contractual basis to observe procedures broadly similar to the "fair and lawful processing" regime required by EU legislation. Outsourcing companies outside the EU are more than happy to sign such agreements and to offer assurances about fair processing and data security in order to obtain the work.