x
33
0 4 14 0 0 0 0 15
Follow Me
1 of 112
Global Sourcing Portal - Brings together our sourcing tools, articles and reports

Other Presentations
+
Total Views  :   741
Total Likes  :  0
Total Shares  :  0
Total Comments :  0
Total Downloads :  0

Add Comments
Presentation Slides

1) SOURCING REFERENCE GUIDE A reference tool for customers and service providers explaining current best practice and thinking from our global team.

2) SOURCING REFERENCE GUIDE Foreword.........................................................................................................................................................................................03 1. Sourcing Structures...........................................................................................................................................................04 2. Sourcing Agreement Structures......................................................................................................................................... 09 3. The Services Description.........................................................................................................................................................16 4. Offshoring...............................................................................................................................................................................20 5. Timing, Delivery And Delay.........................................................................................................................................25 6. Service Levels.......................................................................................................................................................................29 7. Service Credits....................................................................................................................................................................33 8. Charging Models.................................................................................................................................................................37 9. Tax............................................................................................................................................................................................... 43 10. Benchmarking and Continuous Improvement...................................................................................................49 11. Compliance............................................................................................................................................................................55 12. Data Protection...................................................................................................................................................................62 13. TUPE and Employee Issues...........................................................................................................................................69 14. Termination Triggers.........................................................................................................................................................79 15. Exit Management................................................................................................................................................................83 16. Subcontracting......................................................................................................................................................................87 17. Secondary Sourcing: Contract Renewal, Insourcing and Retendering................................................ 91 18. Governance............................................................................................................................................................................96 19. Intellectual Property..........................................................................................................................................................99 20. Dispute Resolution�������������������������������������������������������������������������������������������������������������������������������������������������������� 104 02  |  Sourcing Reference Guide

3) SOURCING REFERENCE GUIDE Foreword Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution Welcome to the Sourcing Reference Guide; our guide to conducting successful sourcing transactions. When the Sourcing Reference Guide was first published (under the title Reference Guide to Outsourcing), it represented the most up to date know-how on the issues to consider, and approaches to adopt, when contracting for outsourced services. It proved invaluable to our clients, with one client commenting “Their Reference Guide to Outsourcing is what it says on the cover. It provides a fantastic reference tool, highlighting the key issues to consider for anyone negotiating an outsourcing contract…” Back then “sourcing” (which mainly comprised IT outsourcing) typically involved a domestic customer outsourcing its more straightforward, low value, IT requirements to India. Now a $6 trillion-a-year global industry1, customers’ needs encompass a broad range of technology-based, networks and business process outsourcing with service delivery requirements commonly spread across the globe. The service providers are global too with substantial delivery operations not just in India but also in jurisdictions such as Brazil, Argentina, Mexico, Eastern Europe, the Philippines and China. We have seen the drivers for outsourcing and sourcing transactions in general, move from simple cost saving to a desire to access cutting edge technology or improve speed to market and then back, in recent times, to a renewed emphasis on financial considerations. Multi-vendor models came into vogue; now many customers have rationalised their approach and favour dealing with a single or fewer providers. In parallel with all of these changes, our market leading sourcing practice has grown from the broadly domestic transactional practice of the early-2000s to become a leading, global, sourcing practice advising both customers and service providers on complex and strategic multi-jurisdictional sourcing transactions around the world. Our new Sourcing Reference Guide reflects these changes, collating current best practices and thinking from our global team across the array of sourcing transactions, be it ITO, AD/AM, BPO, F&A, HRO, FM, infrastructure, networks, and others. Variations in approach and considerations between geographical regions are specifically highlighted underlining our global team’s expertise. The purpose of the Sourcing Reference Guide is to enable you to identify and resolve the key issues involved in your sourcing transaction helping you to achieve a commercially robust, yet flexible and successful, long term partnership. For information about our global sourcing team please refer to our sourcing portal http://www.dlapiperoutsourcing.com or contact your usual DLA Piper contact. 1    ource: International Association of Outsourcing Professionals (IAOP) S 03  |  Sourcing Reference Guide

4) SOURCING REFERENCE GUIDE 1. SOURCING STRUCTURES Foreword Sourcing Structures In a nutshell In a nutshell Key issues Single sourcing – direct sourcing This reference guide explains sourcing agreements: how they are structured and the key considerations and issues which shape them. However before considering the agreement itself, it is useful to understand some of the sourcing structures which most commonly sit behind that legal document. Single sourcing – indirect sourcing â– â–  Multi-sourcing Joint ventures Captive entity Build operate transfer Conclusion Sourcing Agreement Structures â– â–  â– â–  The Services Description Offshoring â– â–  Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues â– â–  Under a simple, single-sourcing model, the agreement is entered into by the customer and a single service provider; Multi-sourcing structures are those where the customer contracts with a number of different service providers concurrently, each of which then provide a part of the overall services; In joint venture arrangements the customer contracts with a special purpose joint venture company, often owned by the customer and its service provider; A captive is a customer subsidiary which has been set up in another jurisdiction to provide the services back to the customer; and Build, operate, transfer models are those where, as the name suggests, the service provider builds the asset, initially runs it, but ultimately the asset is transferred back to the customer to operate itself. Key Issues Commercial, operational and legal issues all influence the final decision as to which sourcing structure is most appropriate for any particular sourcing transaction. Typical considerations include: Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution 04  |  Sourcing Reference Guide Geographical location of customer user Are the services to be provided to a single location, multiple locations in the same country or multiple locations across a number of countries? Geographical location of service provider Will the services be provided from the same country as the recipient, entirely from an offshore location or perhaps a mix of onshore and offshore locations? Degree of customer control In a “pure” sourcing deal it is up to the service provider to decide how to deliver the services. However, where the services are critical to the customer’s business or they are impacted by the regulatory environment within which the customer operates, the customer may need greater input into, or rights regarding, the party/ies providing the services and how they do so. Tax Termination Triggers There may well be sales tax issues to consider in each of the delivery jurisdictions or depending on what deliverables are provided as part of the services. This may impact how the services are provided or where they are provided from.

5) SOURCING REFERENCE GUIDE Single Sourcing – Direct sourcing AGREEMENT CUSTOMER services Under the simplest sourcing model the customer contracts directly with a domestic or foreign service provider. This approach is a common one and has the advantage of relatively low set up costs because the corporate structure is already in place (although the agreement itself will still need to be negotiated and documented). Unlike some other sourcing models, in a “pure” sourcing deal the customer SERVICE PROVIDER controls what services it receives; it is often uninterested in how the service provider delivers them. Additionally, where the customer and proposed service provider are established in different jurisdictions, both parties need to consider both their ability to enforce contractual rights/ remedies across international borders and how costly this might prove to be in practice. Single Sourcing – Indirect sourcing AGREEMENT SERVICE PROVIDER CUSTOMER SERVICES sub contract SERVICES OFFSHORE SUPPLIER Often a customer contracts directly with a service provider based in the same jurisdiction, but that service provider subcontracts some or all the services to its offshore affiliate or subsidiary company. The appeal of this model is that some or all the services are performed in a lower-cost jurisdiction and/or by that service provider’s global offshore delivery centre but the customer has the comfort of contracting with a company based in its home territory. From a legal perspective, that “home” service provider remains responsible for all of the services, engages in the day-to-day project management tasks (such as reporting and meetings) and is the point of contact for any disputes (including, importantly, for any remedies and enforcement). Local perspective In the Middle East, the laws of each country differ when it comes to the ability of a foreign company to establish a wholly-owned subsidiary. Foreign direct investment restrictions mean that service providers must carefully consider their approach to operating locally before they pursue business opportunities. One approach involves a teaming agreement where the foreign service provider and the local service provider agree contractual terms by which they will pursue local opportunities together. Under such an arrangement, the parties may agree that, in the event of winning business, the local service provider will be the prime contractor with the local customer but it will subcontract to the foreign service provider. Where this indirect sourcing model is being considered, a range of legal and commercial issues must be addressed including local anti-fronting laws, dispute resolution and enforcement issues and work permit and visa requirements. However, structured correctly, such an arrangement can be particularly effective for foreign service providers who are looking to gain a foothold in the market before making a more permanent commitment. 05  |  Sourcing Reference Guide

6) SOURCING REFERENCE GUIDE Multi-sourcing CUSTOMER AGREEMENT SERVICES Service Provider Service Provider Multi-sourcing models are a multiplied version of the single source model where the customer contracts with several service providers rather than limiting its relationship to one service provider. Each provides part of the overall solution to the customer. Corporate structure set up costs are unlikely as the contracting entities will already exist. However, because contracts need to be put in place with several service providers, the associated legal spend and on-going management costs will increase. Service Provider Service Provider suggests that multi-sourcing may not be as popular now as it has been and many customers are rationalising the number of contracts they manage. Buying more services from fewer service providers can bring with it economies of scale and favourable treatment, not to mention significant cost savings (which is important in the current economic times), as the customer becomes a more significant client of the service provider. Multi-sourcing appeals to customers because it allows each element of the overall solution to be delivered from its “best of breed” service provider. However, our experience Joint Ventures JOINT VENTURE AGREEMENT SERVICE PROVIDER CUSTOMER services AGREEMENT FOR SERVICES JV CO Sometimes the customer agrees with its service provider to set up a joint venture company (or special purpose vehicle); that joint venture company then provides the services to the customer. This sourcing structure allows the parties to be flexible in how the services are delivered to the customer and provides greater control for 06  |  Sourcing Reference Guide the customer over the delivery of the services. However, the drawback is that joint venture arrangements require upfront investment and are typically not cheap or quick to unwind. The parties also need to consider enforcement issues as any enforcement action by either relating to the services will be against an entity it co-owns.

7) SOURCING REFERENCE GUIDE Captive Entity services OFFSHORE BASED SUBSIDIARY CUSTOMER AGREEMENT A captive entity is a subsidiary (typically offshore) through which the services are delivered. In the past many regulated organisations, especially those in the financial services sector, chose to establish or acquire an offshore captive so that they could exercise a higher degree of control and flexibility over the manner and standard of service provision (thus satisfying any concerns from the relevant regulator). However, this approach requires high upfront investment, is not quick to deploy and the customer may find itself having to select its captive for the provision of the services when that might not be the best market proposition. The flipside to the higher degree of control is that the customer bears more of the risk associated with the service; there is no true third party involvement with which to share this burden. Captive arrangements are not so common now, most likely because the standards to which service providers can now supply services is so good that it outweighs the cost of acquiring or establishing a captive. Build Operate Transfer B.O.T AGREEMENT SERVICE PROVIDER CUSTOMER services (and transfer) With certain types of services, typically technology infrastructure-based ones, it can suit both parties that the service provider builds the infrastructure, operates and manages it and, once the stability of the infrastructure has been demonstrated (and the customer has been trained), transfers the running of that infrastructure to the customer for the customer to operate itself. This model minimises the establishment and early-stage operational risk for the customer but, unsurprisingly, comes with increased cost because the service provider is being engaged to do more and take on more risk. Clearly, it only suits a customer who is happy to take back the provision of the services in question; in developed markets where technology infrastructure has largely been built-out and expertise exists in-house, this sourcing structure is rarely seen. However, it is still seen in rich emerging markets where there is a shortage of skills but a need to build infrastructure quickly to support that country’s economic aspirations. Local perspective Education, in its many forms, is a key priority of many governments in the Middle East. Through education, governments seek to ensure that future generations of local citizens have the necessary experience, skills and knowledge to run and grow a modern economy. In this context “Build, Operate, Transfer” structures may be more favourably considered than the pure outsourcing model, particularly in the public sector setting. This is because BOT has the explicit objective of up-skilling the customer’s personnel (i.e. local citizens) through knowledge transfer activities so that the outsourced operation can be insourced at a future date. 07  |  Sourcing Reference Guide

8) SOURCING REFERENCE GUIDE Conclusion One sourcing trend we are seeing in developed markets is a scaling back of multi-sourcing arrangements in favour of fewer service providers. We believe the cause for this shift is two-fold: first, customers are being forced (due to downward pressure on budgets) to obtain better pricing from their service providers and one of the ways to do this is to put more business with fewer service providers; and secondly, customers have reduced the size of the teams that manage their relationships with service providers meaning that these teams can only effectively manage a small pool of service providers. However in the emerging markets, cost is often not the primary driver for outsourcing. Here, outsourcing is growing as a popular business practice over the last decade or so as local businesses recognise the benefit which can be achieved through the implementation of a well-developed outsourcing strategy. In this context, it is often the case that businesses are outsourcing for the first time – with single source models being most commonly used as a way of accessing the skills and talent of the service providers which are needed to improve a customer’s quality of service and time-to-market. December 2013 08  |  Sourcing Reference Guide

9) SOURCING REFERENCE GUIDE 2. SOURCING AGREEMENT STRUCTURES Foreword Sourcing Structures Sourcing Agreement Structures In a nutshell Standalone agreements Overarching framework/master services agreements Conclusion In a nutshell The previous chapter took a high level look at the most common structures used to source services. This chapter focuses on the different ways that the sourcing agreement itself, by which the service provider agrees to provide the customer with the services for payment, can be structured. It does not consider the other types of agreement which might be associated with the overall project, such as a joint venture agreement, asset transfer agreement or any parent company guarantees. The Services Description Sourcing agreements typically take one of two basic forms: Offshoring â– â–  Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance â– â–  Standalone agreements – the customer enters into one contract with its service provider and this governs the entire sourcing relationship. Behind this, the service provider may subcontract some of its obligations to one or more third parties. Sometimes the customer enters several standalone agreements, each with a different service provider and for a different part of the overall offering, an approach known as multisourcing; Overarching agreements – a framework agreement between the customer and the service provider sets up the legal relationship between the parties. Under this agreement, the parties enter into a number of smaller agreements each of which documents the arrangements for discrete parts of the overall services (perhaps one service stream or the delivery of the services to a particular country in which the customer operates). The remainder of this chapter identifies some of the key considerations which influence the choice of sourcing agreement structure for any particular sourcing deal and highlights some of the contractual challenges which can follow. Standalone agreements Intellectual Property Dispute Resolution 09  |  Sourcing Reference Guide AGREEMENT CUSTOMER SERVICE PROVIDER

10) SOURCING REFERENCE GUIDE Content Under the simplest model, the customer contracts directly with one service provider which agrees to provide all of the services for the contract term. At its most basic, this sourcing agreement will include: Services The obligation to provide the services – linked to a comprehensive description of the services and the standards (“service levels”) to which they must be performed. Payment The obligation to pay for the services – linked to charging information and payment terms which may include indexation and currency arrangements. Governance Governance/management information – setting out the arrangements through which the relationship between the parties is managed. Such arrangements may include reporting obligations, meetings and how to deal with the early stages of disputes. Staff The service provider may be obliged to take on certain of the customer’s staff as part of the deal. In any event, there will be certain requirements relating to the standard of conduct of the service provider’s staff. Confidentiality and data protection Confidentiality provisions, provisions about the customer’s data and any data protection requirements. IPR Provisions about intellectual property ownership; the cross licensing of rights which are necessary to provide, or benefit from, the services and how to deal with third party rights. Liability Information as to the types of loss each party can potentially recover from the other. Exposure to some categories of loss will be financially capped, others uncapped. Term and termination The anticipated term of the service plus the ability to terminate early upon certain trigger events (e.g. significant poor performance or the financial distress of the other party). “Boilerplate” A set of terms which are perceived as particularly “legal” in their nature but which include important issues such as: â– â–  â– â–  â– â–  10  |  Sourcing Reference Guide the choice of law of the contract and forum for formal dispute resolution (particularly important for cross border agreements); whether or not the service provider can subcontract; and whether or not third parties (such as other customer group companies) can enforce contract terms that confer a benefit on them against the service provider direct should the service fail to meet the required standards of performance.

11) SOURCING REFERENCE GUIDE However, many sourcing agreements are far more complex. They may require the service provider to improve the services over time, benchmark the services against competitors periodically, allow the customer to add or drop services and even (perhaps at a cost) terminate the relationship early for the customer’s convenience. They usually also set out detailed information as to what happens when the sourcing agreement comes to an end. (See Chapter 15: Exit Management.) In the “pure” sourcing model, the customer is only concerned with receiving the services; it has little interest or control over how the service provider delivers them. However, in practice customers often need some transparency and/or control over at least part of the “how”, particularly if this is because of regulatory requirements. This is discussed further in Chapter 3 (The Services Description) and Chapter 11 (Compliance). Subcontracting Sourcing transactions commonly cover a wide range of services, some of which may fall outside of the service provider’s main area of expertise. In this scenario, the service provider may wish (and/or the customer may demand) that those particular services are provided by a different provider. The customer can still enter into just one sourcing agreement with the service provider for all of the services which it receives. However, the service provider then enters into a subcontract with a third party supplier which provides the particular services in question. AGREEMENT CUSTOMER SERVICE PROVIDER SUBCONTRACT THIRD PARTY SUPPLIER Strategic advantages Contract challenges From the customer’s point of view the standalone model has the appeal of only managing one service provider relationship. Its service provider remains responsible to it for the delivery of all the services and it only has to deal with that service provider for day to day project management issues and any disputes. Although it is now one step removed from any subcontractor which the service provider appoints, it can still retain some control; the sourcing agreement may specify the identity of the subcontractor and the customer may even be able to require terms of the sourcing agreement to be flowed down to the subcontract. This contract structure is fairly straightforward but the convenience of a single service provider comes at a cost to the customer. This is because the service provider may impose a mark-up on the subcontracted services by way of “management fee” (or another similar “fee”). The markup can cause tension between the parties, especially if the subcontractor is a group company of the service provider, since both the subcontractor and the service provider are adding their margin to the base cost of the services in question. 11  |  Sourcing Reference Guide

12) SOURCING REFERENCE GUIDE Multi sourcing arrangements CUSTOMER AGREEMENT Service Provider Service Provider Strategic advantages The strategy behind multi sourcing arrangements is to allocate the services to a number of separate “best of breed” service providers. Strategic advantages to multi-sourcing include improved performance and increased innovation (more service providers means more new ideas) coupled with a lack of dependency on a single service provider. However multi sourcing does bring with it contractual challenges. Contract challenges Most of the challenges in this model result from the fact that the various service providers’ services are likely to be interdependent and need to be co-ordinated in order to integrate with, and to create a seamless service for, the customer. Many service providers understandably resist suggestions that they contract directly with each other and/or enter into a joint contract with the customer. This leaves the customer contracting with a number of service providers (potentially significantly increasing its negotiation and on-going management costs) yet needing a structure which supports an integrated service. One way for customers to rise to this challenge is to standardise the terms applicable to its various service providers. To encourage its service providers to agree to this approach, the customer’s proposed standard terms should be fairly balanced between customer and service provider. (Sometimes, once the service providers agree to the terms, each set of service provider terms are set out in an overarching agreement, beneath which each service provider enters into its own “call-off” agreement for the service stream(s) which it will be delivering to the customer. This structure is described below). 12  |  Sourcing Reference Guide Service Provider Service Provider The customer can now receive various services from various service providers on broadly standard legal terms and conditions. What the contract structure lacks, however, is any connection between the service providers. This is an important omission if the service providers need to work together to achieve the outcome required by the customer. Because a direct contractual relationship between the service providers is unlikely, relevant provisions are typically included in the customer’s standardised terms. The provision may be a general one for each service provider to co-operate with the others (this is more significant than first appears because it could require the service providers to share their confidential information and intellectual property). However if more detail is required, an operating level agreement can document the overall services provision, distinguish the different component services, assign responsibility for each service stream to a specific service provider and map dependencies between the different service providers. Again, this information forms part of the contract between the customer and each service provider; it is not an agreement between the service providers themselves. Other key terms affected by the multi-source model include management provisions and liability. Commonality as to the frequency, content and format of reports and meetings will support the streamlined approach, whilst contractual clarity as to the responsibilities between the various service providers can prove invaluable should performance issues arise. Because problems experienced by one service provider might well impact another, the contract should also require any defaulting service provider to seek to minimise the impact of its own failing on the other service providers.

13) SOURCING REFERENCE GUIDE Overarching Framework/Master Services Agreements “FAT” MASTER SERVICES AGREEMENT B framework agreement Comprehensive legal terms MSA A “THIN” FRAMEWORK AGREEMENT C D Commercial/factual project specific information A call offs the overall legal terms for each call off are fairly standard B C fewer legal terms D Legal terms and Commercial/factual information STANDALONE AGREEMENTS more flexibility in legal terms Strategic advantages Terminology We have seen, above, that overarching agreements can be used to support multi sourcing models. However, overarching agreements are most commonly used where there will be multiple service recipients or multiple geographies to which the service will be provided, the services are intended to be flexible or there is a desire to aggregate or control expenditure. Overarching agreements are frequently referred to as “Framework Agreements” or “Master Services Agreements”. In practice the terms are used interchangeably but lawyers often understand these terms to mean slightly different things: In this contracting model, the customer and the service provider enter into an overarching agreement. This may set out the full legal terms for the provision of the services or may simply establish a process through which the customer agrees discrete services. Beneath this overarching document, and possibly at a later date or dates, the parties enter into a number of additional documents. Each of these contain details for a particular part of the overall sourcing arrangement. These might be, say, the customer’s service requirements within a particular country (perhaps different standards of performance are appropriate and/or different working hours) or information relating to a particular service stream. 13  |  Sourcing Reference Guide â– â–  â– â–  A Framework Agreement is an agreement which sets up the mechanism for agreeing future, multiple, standalone agreements between the parties; A Master Services Agreement (“MSA”) is one which includes a call-off process by which the customer can procure services or products – with each call-off containing limited legal content and forming part of, and being subject to the terms, of the MSA. Another way of thinking about this distinction is to categorise the overarching agreement as either a “fat” or a “thin” arrangement:

14) SOURCING REFERENCE GUIDE In ‘fat’ master services agreements, most of the contractual provisions sit within the overarching agreement (hence it becomes “fat”). Little “legal” contractual detail is included in each ‘call-off” which itself tends to primarily deal with key commercial information for that element of the services (such as, for example, the number of users, key dates, price and perhaps service levels) and is made subject to, and considered a part of, the overarching agreement. Conversely in ‘thin’ framework agreements a higher proportion of the “legal” terms are set out in the specific, standalone, agreements. In addition to commercial and operational details, these documents will detail termination rights, liabilities and dispute resolution for that particular element of the overall services. For ease of reference, the remainder of this chapter refers to “overarching agreements” (meaning master services agreements or framework agreements) and refers to the documents beneath them as “call-offs”. remain binding and run their course? Does termination of a call-off allow termination of the other call-offs (so called cross termination rights) – or even the overarching agreement? â– â–  â– â–  â– â–  Contract challenges The interplay between the overarching agreement and each of the call-offs is fundamental and must be actively considered, and made clear, within those documents. Failure to do so risks a suite of documents which inadvertently cut across or contradict each other, confusing the overall legal agreement. For example, should every call-off be subject to the dispute resolution provisions of the overarching agreement or, alternatively, should the parties be free to vary the escalation procedure and process for disputes as it relates to a particular call-off/ jurisdiction? An overarching agreement can be structured to allow either approach; but note that the flexibility which results from a call-off’s ability to override the terms of its overarching agreement brings with it the risk of diluting the carefully considered and hard fought terms of the overarching agreement. (In practice a compromise is often reached with some terms fixed within the overarching agreement and others flexible.) Other issues which can become more involved for an overarching structure include: â– â–  Term and termination: Are the terms of the call-offs linked to the term of the overarching agreement? If the overarching agreement comes to an end, does this automatically terminate the call-offs or do they 14  |  Sourcing Reference Guide â– â–  â– â–  Suspension: Similar considerations apply as for term and termination but additional terms can also be affected. For example, does suspension of one or more call-offs adjust the liability cap during the period of suspension? Liabilities: Is there an overarching liability cap applicable to the entire arrangement, (i.e. including all call-offs), or are caps specific to each call-off? Note that the services provided under (and therefore the value of) the overall arrangement is likely to change over its life and thus, a fixed number for a cap at the overarching agreement level is unlikely to work. Governing law and Disputes: Where the deal covers several countries it is usually preferable for the governing law and jurisdiction (being the forum which hears the dispute) to be consistent across the entire arrangement as, practically speaking, any claim will involve aspects from both. Consistency as to the dispute resolution procedure will therefore be easier and cheaper to implement. An exception to this may arise where cross border enforcement may be difficult. Parties: In some circumstances the same two parties (customer and service provider) enter into the overarching agreement and all of the call-offs. In others the latter are entered into by third parties, typically the local group company (for either or both parties) where that document relates to services in that part of the world. In these cases it is sensible to include a ‘claims-herding’ provision so that all claims are channelled through a single party, often the parties to the overarching agreement. Without this the parties risk involvement in claims from multiple parties relating to the same issue. Tax: Where services are being provided in different countries, sales tax may apply under local law to the local supply of services. In such cases, it might be preferable for the local recipient to be the paying party so that any sales tax on purchases can be off-set against sales tax on local supplies. This may necessarily require the parties to enter into local call-offs that are separate agreements to the overarching agreement.

15) SOURCING REFERENCE GUIDE Conclusion Sourcing agreements range from relatively straightforward contracts to complex legal relationships made up of several interrelating documents operating in multiple jurisdictions. In an ideal world the parties will actively consider which structure best fits their particular transaction at the initial stage of the project. Our team has experience of the spectrum of approaches and is able to advise both customers and service providers as to the pros and cons of each possibility. December 2013 15  |  Sourcing Reference Guide

16) SOURCING REFERENCE GUIDE 3. THE SERVICES DESCRIPTION THE FOUNDATION OF A SOURCING AGREEMENT Foreword Sourcing Structures Sourcing Agreement Structures The Services Description In a nutshell  Process for drafting a services description Key issues Conclusion Offshoring Timing, Delivery and Delay Service Levels Service Credits In a nutshell The services description is the foundation of any sourcing relationship. It defines either the services to be provided or, as has become more common in recent years, the results to be achieved. However, it also underpins many other elements of the overall agreement, from the charges payable to the performance levels and any transitional arrangements. Less obviously, it affects other parts of the project such as the dependencies upon the customer and the way that the parties manage and govern the relationship. Inevitably the services description forms one of the schedules to the main terms of the sourcing agreement (and therefore it still forms part of the legal agreement between the parties). Although largely operational/technical in its content, this schedule will still need legal review to ensure that the services are described in a sufficiently detailed and measureable way and to identify, and resolve, any inconsistencies with the main terms. Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution Process for drafting a services description The dependency of the other schedules on the services description means that the services description needs to be prepared first. It is usually drafted by the customer with any corresponding technical detail prepared later by the service provider. Exactly how the services description is drafted turns upon the way that the customer selects the service provider and how well defined the scope of services are prior to its drafting. If the proposed services already exist (perhaps they are even supplied already by an incumbent service provider), or the service provider has been issued with an Invitation to Tender or Request for Proposal and has responded, then the scope of the services are probably well developed and documented – greatly assisting the drafting of the services description. If, however, the services are currently provided in-house and are not comprehensively documented, the process of preparing the services description can prove a useful tool for interrogating the parties (challenging the customer’s desires and the service provider’s responses) and defining the scope. In this scenario it is important to involve several disciplines, as well as lawyers, from both parties. Key factors at the early stages of the development of the services description include: â– â–  â– â–  16  |  Sourcing Reference Guide obtaining an informed, and comprehensive, understanding as to the current “as is” service provision; obtaining an informed, and comprehensive, understanding of the services required under the project. Where these services represent an improvement on the current “as is” service the customer should appreciate

17) SOURCING REFERENCE GUIDE this and should also identify any hard requirements for the transformation (such as the introduction of new regulatory requirements); â– â–  â– â–  â– â–  â– â–  categorisation of the services into “must have” and merely “nice to have”; the extent to which the services are “future-proof”. Perhaps the services can be described in a way which assists this (see “outcomes versus inputs” below)? the location from which the customer anticipates that the services will be delivered (e.g. customer premises, service providers site, shared services site?); who it is envisaged will lead the finalisation of the service descriptions and associated “capture” of business functions (internal business function or internal commercial/procurement function or external consultants?); â– â–  the extent to which licences/usage rights for software or other materials owned, or used, by the customer or any incumbent service provider will continue after the sourcing relationship comes to its end. Our Requirements Builder is an online tool which streamlines the initial ‘requirements capture’ process for customers. An automated online questionnaire, this tool builds a comprehensive ‘Requirements Summary’ for the key components of outsourcing projects, including the services themselves, enabling customers to produce the initial draft services description quickly and cost effectively. Perhaps just as important, it helps customers to identify “known unknowns” at an early stage. Key issues Services not performance We have seen that the services description describes the services to be provided/results to be achieved by the service provider and that it lies at the heart of the overall project. It is particularly closely linked with two regimes: the service levels regime and the service credit regime (see Chapters 6 and 7 below). For either of these regimes to work, and for the reasons discussed below, the sourcing agreement must differentiate between the service description and performance of the services. By way of example, if the service is the provision of a horse which can jump, then the services description might set out the specifications of the horse and the requirement to jump; the service levels would specify how high and how often it needs to jump and the service credit regime would prescribe the pricing adjustments should the horse fail to jump to the required height or with the required frequency. Outcomes versus inputs The “pure” sourcing model requires that customers dictate what services they receive but not how those services are delivered. It follows that within the services description the services are described as what the deliverables are or 17  |  Sourcing Reference Guide what results must be achieved (such as better accuracy, improved rate of turnaround, increased savings, enhanced customer satisfaction, further product innovations or reduced time to market). This “outcomes” approach has the immediate advantage of allowing the service provider to propose its most cost effective solution. Then, once the services are up and running, the customer should be able to take advantage of the service provider’s technical innovation and expertise, quite possibly improving the services which are enjoyed. However, the reality is that sometimes, particularly in highly regulated industries, the customer needs to know how the customer will deliver its services. One way of achieving this is to include the “how” in a technical solution section or document. Continuing our example, the solution section or document might describe the type and quantity of hay that the service provider will feed the horse or the training regime for the horse. Documenting these “hows” within the solution section/ document (ie. separately from the service description) is important because the “whats” within the service description are the “whats” that the service provider is measured against – and any service credit regime will be based on these measurements.

18) SOURCING REFERENCE GUIDE However, a sourcing agreement which contains both “what” and “how” is potentially problematic. If the services (“what”) are under-performed, but the technical solution demanded by the customer (“how”) is nevertheless fulfilled, which party is at fault and which party bears the risk? description prevails. This leaves solution and integration risk with the service provider and prioritises services, delivery above technical compliance. However, long before this, to minimise the risk of such conflict occurring in the first place, a compliance matrix, such as the one set out below, may be used during the tender process to identify any mismatch between delivery and solution. The legal response to this scenario is that the agreement must specify whether the services description or the technical solution take precedence. Usually the services Ref Customer Requirement Satisfies? (Y/N) Suppler Solution Solution meets or exceeds? (Y/N) Agile methodology perspective Using Agile methodology for software development impacts the drafting of the services description. Agile is based on iterative and incremental development, which requires a continuous collaboration in respect of the requirements and solution. The services description is therefore drafted as a description of the process within project cycles and may be more appropriate for use where there is a ready culture for change. Objectivity The dependency that so much of the sourcing has upon the services description means that it must be an accurate and comprehensive document. Errors, or a lack of detail, can affect how the rest of the sourcing agreement operates or how the services are interpreted, risking unnecessary and expensive disputes. The completeness (or not) of the description of the services is always an issue in negotiations for sourcing arrangements. Service providers rightfully expect the sourcing agreement to set out the list of services and associated tasks to be provided in their entirety. Customers, however, are more inclined to consider that the service provider, as an expert in the area, should agree to provide not only the services listed but also all tasks, services and responsibilities which are incidental to them. The latter approach can be achieved through a so called “catch all” clause. 18  |  Sourcing Reference Guide Yet the flip-side of this need for the services description to be accurate and complete is that if the description is too prescriptive, then it will preclude any flexibility during the term of the sourcing agreement (other than by recourse to formal change control). Change control affords each party a protection against increasing costs and risk but, where the parties feel they can, they should agree a degree of flexibility to allow for day to day minor adjustments. The drive for accuracy and completeness is also limited by the practical impossibility of exhaustively describing the services. The parties must therefore strike a balance between wanting the certainty of a complete description and identifying which points of flexibility they can provide for in the sourcing agreement. They must agree a level of detail which will capture their points of concern but which will allow the operational teams room to manoeuvre free of the agreement’s bureaucracy. As well as the “catch all” provision described above the Governance schedule has an important link to the services description here because it sets out how the

19) SOURCING REFERENCE GUIDE parties report to each other and interact during the lifetime of the sourcing agreement. (See Chapter 18 (Governance) below.) Third party responsibilities The service provider’s services and systems may well need to interface with the customer’s and/or other third party’s services and systems. Unless these are covered off in greater detail in a technical solution or in an inter-party agreement, then the services description should seek to define these interfaces and the extent of the service provider’s responsibilities for creating, managing and maintaining the interfaces. Not a sales document Finally, the services description must not be an aspirational “sales” document but, rather, make clear and unambiguous statements about the services required. By way of example, an incident management service should not be “designed to minimise the impact of an incident” but to provide a fix or a workaround via remote or on-site support. The service level schedule can then objectively measure these requirements whereas it could probably only subjectively measure the success or otherwise of the service provider’s efforts to minimise the incident’s impact upon the customer. Conclusion An accurate and carefully drafted services description, on which so many other elements of the sourcing agreement will depend, is fundamental to ensuring that the customer’s reasons for entering into a sourcing agreement are achieved – a good result for both service provider and customer. January 2014 19  |  Sourcing Reference Guide

20) SOURCING REFERENCE GUIDE 4. OFFSHORING Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring In a nutshell Key issues Conclusion Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues In a nutshell “Offshoring” is not necessarily the same thing as “outsourcing” or “sourcing”, but the two are so often closely associated that the confusion between them is perhaps understandable. Put at its simplest, “offshoring” involves the transfer of responsibility for a particular service to a service provider who is based in a different physical jurisdiction/geography to that of the customer/end recipient. Where offshoring and sourcing come together is where a service provider, in framing its solution to the customer, elects to locate some or all of its service delivery capability from an offshore location (usually, but not always, from a “lower cost” jurisdiction such as India or the Philippines). This scenario brings a slight change of emphasis in the sourcing agreement to accommodate issues arising from offshore delivery. Key issues The fact that a sourcing agreement involves offshored supply of services does not of itself negate any of the “best practice” principles which are set out elsewhere in this guide. However, it will raise a number of specific additional issues which need to be considered both from a contractual and a practical perspective, including in relation to: Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution â– â–  contract structure and parties â– â–  liability and enforcement issues â– â–  tax treatment â– â–  data transfers â– â–  staff and immigration issues â– â–  business continuity â– â–  audit and control clauses â– â–  Termination Triggers transition and termination related rights Many of these issues are considered within their own standalone chapters of this guide but we summarise the key points for offshoring in particular below. Contract structure Where the contracting parties are based in different geographies, an early decision should be made as to which of the two legal systems should govern the relationship. A customer is likely to prefer an agreement which is focussed on the jurisdictions to which the services are provided (rather than the offshore location where the service provider is based); as a result the agreement will commonly be subject to the laws of the “home jurisdiction” of the customer. The service provider’s contracting party may be based offshore but equally it is common for an offshore provider to use a “local” (i.e. customer’s jurisdiction) subsidiary as its contracting party or to contract via its parent or holding entity 20  |  Sourcing Reference Guide

21) SOURCING REFERENCE GUIDE (which, in turn, “internally” subcontracts the day to day provision of any onshore services to its affiliates or subcontractors). The latter is “indirect sourcing” as described in Chapter 1 (Sourcing Structures). Where the contract is to involve services being provided in multiple jurisdictions at the same time, the more usual structure will be to have an overarching agreement which sets out all of the key legal and commercial provisions. Each jurisdiction receiving services will then have an individual local services agreement which will be subject to the terms of such overarching agreement, but which will also set out any local variations (whether in the nature of specific service requirements or local issues of non derogable law or regulation). Contract structures, including overarching agreements, are more fully explained in Chapter 2 (Sourcing Agreement Structures). Liability and enforcement Closely related to issues of contract structure, a key “legal” concern for parties entering into an offshoring arrangement can be the question mark over the enforcement of any contractual remedies against the other, defaulting, party where it is based in a different jurisdiction. Where a dispute ultimately leads to a court judgment against that party, what is such a judgment/order actually worth in practice? The same question applies to the decision of an arbitral tribunal or even circumstances where a breach is undisputed by the defaulting party and liability follows. Does the defaulting party have sufficient assets to secure enforcement within the claimant’s home jurisdiction, or would the claimant need to consider an enforcement action in a foreign jurisdiction, in the event that the defaulting party refused to pay up? It should be said at the outset that we do not believe that any reputable offshore providers would seek to exploit their lack of onshore resources or assets in this way; certainly if they were to do so and it became known in the market, it would damage their reputation significantly. However, if a residual concern nonetheless remains (perhaps within the “legal” or “risk” teams supporting the project), and there is no meaningful service provider company based within the customer’s jurisdiction, both customer and service provider could consider the following: â– â–  Whether the offshore country (or the “home” country of the service provider, if this is different) has a 21  |  Sourcing Reference Guide reciprocal enforcement of judgments treaty with the customer’s home country where judgment would be obtained; similarly in respect of the decisions of any relevant arbitral body. If such a treaty exists, how quickly enforcement can be achieved. For example, for English and Australian court judgments (amongst others), the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards means that in many instances an arbitral award is easier to enforce than a court judgment, particularly where enforcement is required outside of the EU. â– â–  â– â–  Whether to have the parent service provider entity and its local subsidiary (if there is one) made jointly and severally liable under the main contract, so that both entities assets and balance sheet are immediately available to claim against. Requiring a performance bond to be provided not by the parent entity/offshore service provider, but by an independent financial entity. This can give a more immediate and guaranteed means of accessing the sums involved but will come at an additional cost which the service provider will likely be reluctant to bear, at least in full. Tax treatment Another factor influencing the choice of contracting entity may, however, be tax treatment. A service provider based in one jurisdiction, which signs up to provide services in another, risks facing a claim by the tax authorities in the “receiving” jurisdiction to the effect that it has created a permanent establishment there. Customers will also need to consider the tax implications of engaging an offshore service provider but often customers can reap positive rewards from offshoring. For example, customers can benefit from any tax exemption enjoyed by the service provider which is passed on to the customer in the form of reduced pricing (as will for example often be the case with services provided from some of the “Special Economic Zones” in India). The tax implications of sourcing are outlined in Chapter 9 (Tax). Data transfers Historically, and particularly for clients based in the EEA and subject to the EU Data Protection Directive

22) SOURCING REFERENCE GUIDE and associated legislation, concerns about protection of personal data led to some delay or reluctance to embrace the offshoring of services which would involve significant amounts of such data. India, in particular, is not recognised by European regulators as an approved country with equivalent levels of legislative protection for personal data to that in existence within the EEA. This initially left EEA customers having to find other means to establish the adequacy of protection for any offshored data related services. In practice however, this has become something of a non-issue by reason of the wide prevalence of the use of the Model Data Transfer Terms. These terms, approved by the European Commission, are designed to ensure compliance by the offshore service provider with the fundamental principles of data protection which operate within the EEA. They are almost invariably included in offshoring agreements which means that the service provider and customer sign up to them contemporaneously with the execution of the main offshoring agreement. Note, however, that whilst this may satisfy the requirements of the law from a purely contractual perspective, it is likely that the data protection/privacy regulators will still require evidence that the customer has investigated what will be done with the personal data “on the ground” (e.g the customer may visit, and inspect the security arrangements at the offshore premises). Local perspective Privacy in Australia is governed by the “National Privacy Principles” of the Privacy Act 1988 (Cth). The regime will change in early 2014. However, at the time of writing, under this Act personal data regarding an individual may be transferred outside of Australia if one or more of a number of requirements is satisfied, including: that the individual consents; that the transferor reasonably believes the recipient to be subject to a law, scheme or contract which requires fair handling and is substantially similar to the National Privacy Principles; or that it is necessary to perform certain categories of contract. Data protection issues relating to sourcing in general are covered in more detail in Chapter 12 (Data Protection). Staff and immigration One key issue associated with offshoring, as opposed to “onshore” sourcing, is the impact upon the inscope staff of the customer and/or its incumbent service providers. Within the European Union, mandatory legislation operates to protect personnel who are wholly or substantially engaged in the function to be transfered from customer to service provider (at the EU level this legislation is referred to as the Acquired Rights Directive (“ARD”)). Each country enacted it into law by national legislation, for English law this was achieved by the Transfer of Undertakings (Protection of Employment) Regulations 2006, as amended (“TUPE”)). Under TUPE, affected employees automatically have their contracts of employment transferred to the service provider; this applies both upon a first generation sourcing deal (customer to service provider) and any “next generation” version of it (service provider to replacement provider or back to customer). Historically there was 22  |  Sourcing Reference Guide some debate as to whether the statutory protection would still operate where the service provider was based offshore (and therefore perhaps not subject to European legislation). However, the better view now appears to be that the affected personnel do, in fact, transfer by virtue of TUPE but they are then likely to be redundant because the new (primarily offshore) service provider will probably have no, or substantially reduced, requirements for onshore staff. This raises the commercial issue of who pays for the redundancies of such personnel. The reality is that ultimately it is likely that the customer will do so, either by way of an express indemnity or by reason of the fact that the service provider will (if it is well advised!) have factored such redundancy costs into its overall pricing. Looking at things at the other end of the lifecycle, when the outsourcing agreement comes to an end, if the majority of the service personnel were recruited, and are now located, offshore (so European legislation does not protect them), then the risks of staff transfer and redundancy costs fall significantly (although consideration should be had as to whether any issues arise under the

23) SOURCING REFERENCE GUIDE relevant local law where the offshore personnel are located). This does, however, create a slightly different challenge which is all too often overlooked; the impact upon continuity of service where there is a change of service provider, or the services are taken back “inhouse”, but no personnel who are truly conversant with such services transfer with them. In practice this scenario increases the likelihood of an incoming provider arguing that it should be granted “service level holidays” or other forms of interim relief during the early months of a new deal, as it gets itself up to speed “from scratch”. Another potential staff issue relates to immigration. If the service provider is fundamentally based and staffed offshore but circumstances arise which require an increase in onshore presence, the service provider may need to obtain visas or work permits for its key personnel, a process which is not necessarily quick or easy. Understanding the likelihood of this arising and what the service provider plans to do to mitigate the risk (e.g. have more staff based or available onshore at the outset etc) will be a key consideration for the client. local perspective Many jurisdictions, such as the US and Australia, have no equivalent to ARD/TUPE. Employee matters in relation to sourcing more generally are considered at Chapter 13 (Employee Transfer). Business continuity Disasters can strike in any jurisdiction, of course, and business continuity and disaster recovery planning is by no means unique or restricted to offshored services. However, it is equally fair to say that offshored services are often provided from lower cost jurisdictions where the general infrastructure is perhaps not up to European/ North American standards, and where there may be greater risk of socio-political unrest or disruption and/or extreme weather events. Accordingly, the profile and importance of business continuity/disaster recovery provisions tends to be heightened in offshore deals. Agreements typically contain more detail regarding the arrangements to be in place such as the availability of uninterrupted power supplies and back up generators, the existence of remote hot or cold disaster recovery sites, commitments to relocate affected staff within set deadlines, minimum frequencies of disaster recovery tests and the availability of test data. are not only physically remote from the customer, but are also more likely to be working on a day to day basis on their own IT system, and simply accessing/interfacing with the customer’s systems on a remote basis. This scenario is necessarily less transparent. Maintaining adequate reporting provisions and rights of physical audit are therefore of great importance in offshoring arrangements. For larger deals, it may even be prudent for the customer to retain the right to have representatives “on site” at the service provider’s sites on a permanent basis, and for the service provider to be obliged to provide facilities to accommodate this. Transition and termination rights The process of getting “in” and “out” of offshored sourcing deals can be more fraught in practice than for a pure onshore deal, simply because of the distance factor and the difficulties that this can create for knowledge transfer and oversight. Audit and control The parties should therefore take great care over the setting of clear transition related milestones (with financial sanctions, where appropriate) to ensure that everything remains “on track” at the outset. For a “traditional” sourcing arrangement where many of the service provider’s staff work at the customer’s premises, oversight is a continuing and constant process; likewise if the service provider is working on the customer’s own IT systems (so that data is immediately available to the customer as well). However, the same cannot be said of offshore arrangements where the service provider’s staff Aside from the “usual suspects” in terms of termination rights, customers may also seek to insert rights which are linked to the multi jurisdictional nature of the project. For example, the rights triggered by tax law changing in a way which adversely impacts upon the project purely because of the offshore location (as opposed to the services themselves). 23  |  Sourcing Reference Guide

24) SOURCING REFERENCE GUIDE Conclusion Offshoring arrangements can be hugely beneficial to both customer and service provider. This chapter highlights some of the typical key issues and considerations which need to be addressed where the offshore model is being used. Both parties should be reassured that these issues are not barriers to offshoring but simply represent a change in emphasis compared to the traditional sourcing risk profile. All should be resolvable with support from an experienced team. February 2014 24  |  Sourcing Reference Guide

25) SOURCING REFERENCE GUIDE 5. TIMING, DELIVERY AND DELAY Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay In a nutshell Process and commercial issues Key contract terms Service provider exclusions Conclusion Service Levels In a nutshell Providing for the consequences of delay is an essential part of any sourcing agreement but can be difficult to negotiate. The customer wishes to incentivise the service provider to perform on time and to be compensated for the financial impact of the service provider’s failure to do so. The service provider will look to restrict the amount it has “at risk” for delay and to resist responsibility for any delay which is not caused by it or which falls outside of its control. This chapter outlines the key commercial and contractual issues in drafting for delay in a sourcing agreement. It focuses upon key milestone deliverables such as a target go-live date or staff transfer date. More “day to day” matters are typically governed by the service level and service credit regimes which can be used to regulate and incentivise timely performance. These regimes are explained in Chapters 6 (Service Levels) and 7 (Service Credits). Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Process and commercial issues Understandably, most service providers do not enter into negotiations offering customers comprehensive remedies for delay. The onus therefore falls on the customer (with, of course, its advisors) to work out an appropriate delay regime and negotiate with the service provider to include this within the sourcing agreement. In any event, the customer is best placed to assess the impact of any delay. It should consider a number of issues before proposing its delay regime: â– â–  â– â–  Governance Intellectual Property Dispute Resolution â– â–  â– â–  â– â–  â– â–  25  |  Sourcing Reference Guide What are the commercial consequences of delay? Might a legacy (existing) system become unsupported or might an existing sourcing agreement need to be renewed to cover the delay? The commercial analysis should help with identification of the really key dates on the implementation timetable. Perhaps only the implementation end date is key? As a related point, might it be appropriate, at least in relation to some interim milestones, to allow the service provider to catch up, or to provide for a period of “grace”, before any remedies are triggered? How will the proposed delay regime affect the service provider commercially? Is the amount that the customer seeks the service provider to put at risk wholly disproportionate to the amount of revenue that the service provider would earn during the implementation phase? Appreciate that requiring financial compensation and other remedies for delay may attract a risk premium which will be built into the service provider’s overall price. Appreciate that many factors can cause delay, in particular dependencies on the customer or third parties, and the service provider will want to ensure it is not liable for delay to the extent that delay is caused by one of these dependencies.

26) SOURCING REFERENCE GUIDE Key contract terms At its simplest, the absence of delay provisions in a sourcing agreement means that the customer (probably) only pays the service provider when a milestone is achieved and that there is no automatic compensation for the customer for delay. In a number of circumstances, this may well be acceptable. However, if a lot rides on timely achievements of each milestone, and such milestones are not achieved on time, the customer’s remedy is an “ordinary” breach of contract claim which may well be disproportionate and unnecessary. To encourage adherence to the implementation timetable, therefore, sourcing agreements commonly include a number of “timing related” contractual provisions. Milestones, notification and remediation plans Any discussion about delay starts with the agreed implementation timetable and milestones; the commercial implications of delay for that particular customer and particular project will drive which of the dates/milestones are linked to which contractual rights and remedies. From a practical perspective the sourcing agreement should require the service provider to notify the customer as soon as it considers that a milestone date will not be met. This notice should set out the reasons for, and a plan to remedy, the delay. Customer remedies From a customer’s prospective, the remedies fall in two broad baskets: operational remedies and financial remedies. Operational Remedies By operational remedies, the customer will want to know what the service provider is going to do to identify the issue that led to the failure, what the service provider is going to do to fix that issue and what the process is to agree a revised milestone date. Financial remedies Financial remedies typically take the form of pre-determined fixed amounts, namely “liquidated damages” (LDs”) or “delay payments”. As this financial remedy is a form of damages it only becomes payable upon a specific breach of the sourcing agreement (in this context – a missed deadline). Sometimes the total amount of delay damages is capped (and both parties need to understand whether delay payments count toward any general liability cap). However once any delay payments cap is reached other options might be available to the customer (see “other remedies” below). If a milestone date has not been met, the sourcing agreement will need to address the consequences of this breach. Local perspective: liquidated damages In contracts governed by English law, Australian law or by certain European civil law jurisdictions, liquidated damages (“LDs”) must be set at a level which compensates the customer or is at least commercially justifiable (rather than being designed to “punish” the service provider). LDs which are set too high and tip into punishing the service provider risk being unenforceable. Overly high LDs will also prompt the service provider into building a significant risk premium into its overall price. This means that the customer could lose twice over; by paying a higher overall project price and having imposed LDs which prove unenforceable should the service provider delay. In the Middle East, even if a sourcing contract is said to be governed by, say, English law, if a local court accepts jurisdiction over a contractual dispute there is a risk that the court will apply local laws to that dispute. This means that it is always important to consider local law implications when contracting in the Middle East – even where the parties have agreed that local laws will not apply and/or local court or tribunal will not have jurisdiction. In relation to LDs in particular, foreign contracting parties should be mindful of the fact that if local laws are applied to a contractual dispute then any liquidated damages provision in a contract may be varied by the court (up or down) in certain circumstances so as to be equal to the value of the loss actually suffered by the innocent party. 26  |  Sourcing Reference Guide

27) SOURCING REFERENCE GUIDE Where LDs are payable for missed interim milestones the service provider might be given the opportunity to “catch up”. In this scenario, delay payments paid can be recovered by the service provider; or held in an escrow account for an interim period for the purpose of providing funds for the customer to recover its actual costs incurred by the delay before the money is returned to the service provider (assuming the service provider has “caught up”). from any resulting liability. These events are known as “relief events”. The scope of these relief events is sometimes the subject of negotiation. It has become more common in recent times for lawyers to seek to structure delay payments as a reduction in the transition/implementation charges (on the basis that the customer did not receive the full services for which it contracted) rather than as liquidated damages. The rationale here is to try and minimise the risk that the delay payments are not enforceable. However, in practice the customer may not know what it is supposed to do or not do, and so the customer may require the service provider to notify it if it is required to do something. It follows that if such notification is not given, then the customer could not have known that its act or omission would prevent the service provider from performing and the service provider should not therefore be relieved. Other remedies The obligation to fix the issue and/or payment of delay damages might be the exclusive financial remedy(ies) available to the customer for delay. Alternatively, the sourcing agreement may well also allow for other remedies where the delay is significant; perhaps a longstop date has been reached or the maximum amount of aggregate delay damages has been reached. At this point the sourcing agreement might expressly allow for other remedies to reflect the service provider’s failure to achieve the relevant deadline, and to allow the customer to mitigate against the consequences of the non-achievement of the milestone. Example of such remedies might be engaging a third party in place of the service provider, increasing the financial remedy or even termination. Service Provider Exclusions On many occasions, the service provider’s failure to achieve a milestone by the due date may have been caused by factors beyond its control, the main ones being as follows: â– â–  the customer itself or another third party service provider engaged by the customer; â– â–  a force majeure event; or â– â–  a change in applicable laws. To the extent any of these events cause the service provider to fail to achieve the milestone by the relevant due date, the service provider will want to be relieved 27  |  Sourcing Reference Guide Relief Event caused by the customer It is quite normal for the customer to accept that the service provider is relieved if the customer prevents the service provider from performing. Conversely, there may be a situation where the customer has prevented the service provider’s performance but this is due to a service provider failure; for example, not carrying correct identification as requested by the customer causing the customer to prevent the service provider personnel from entering the premises. In such circumstances, would it be fair for the service provider to be relieved – perhaps not? What this means is that the sourcing agreement needs to be clear as to the customer and service provider dependencies, if there are any, and that these dependencies should fit into the relief events mechanism. Relief Event caused by Customer controlled third party From the service provider’s perspective, a customer’s third party may prevent it from performing on time and as such, this may be a relief event. The parties will need to distinguish here between those customer third parties that the customer controls and those that the service provider may take control of as part of the outsourcing. Relief Events caused by a Force Majeure Event The parties will need to consider whether the force majeure event could have been foreseen or avoided. It is hard to argue, however, that a genuine force majeure event impacting the service provider should not relieve that service provider from liability for failure to perform on time.

28) SOURCING REFERENCE GUIDE Local perspective Recent events in the Middle East underline the importance of including a well-considered force majeure clause in a sourcing agreement. These events include political uprisings, wars and periods of mourning for deceased leaders and can have a significant impact on the ability of the service provider to perform the services and even for the customer to pay for them (e.g. when the banks are closed). In addition to the particular nature of the events which may constitute force majeure in the Middle East, it is also important to consider the specific laws which will be applicable in the event of any form of supervening event disrupting performance of the contract. For example, the Civil Code of the United Arab Emirates caters for different types of supervening events typically referred to as force majeure and sets out specific rules to be applied by the courts when considering whether a party’s failure to perform is excused by the supervening event. Such laws should be taken into account by the parties at the time that they are negotiating their sourcing agreement. Relief Events caused by changes in applicable law As with force majeure related relief events, consideration will need to be had as to whether the change in applicable law was foreseen. In developed jurisdictions, changes in law are introduced with sufficient warning but this is not always the case in emerging markets or in jurisdictions governed by sovereign rulers. Moreover, who does the changes in applicable law impact? If it impacts the customer, then the service provider may not have foreseen it (although if the change impacts the sector, a service provider being active in that sector may well have anticipated the change) but if the change applies to the service provider, then the service provider arguably should have foreseen it. When determining remedies, the parties should be reasonable and settle on remedies that are proportionate to the impact of the delay. Parties risk reaching an impasse in negotiating remedies when they are used to “catch the service provider out” or reduce the contract price. Payment Profile and Operational Period The commercial consequences of delay must also be considered in the wider context of the payment profile. A key consideration is whether the service provider is paid for implementation activities in stages against the achievement of milestones or whether the upfront investment in new systems is recovered after the service “goes live”. In the latter case, contracts may be drafted such that the period of delay will reduce the operational period and therefore the period of time over which the service provider has the opportunity to recover its upfront costs and make a profit. This may significantly increase the risk profile for the service provider if coupled with delay damages. At the other end of the risk spectrum (i.e. more favourable to the service provider), the service provider is paid on a time and materials basis for implementation activities. Conclusion Successful delay mechanisms are bespoke, reflecting the commercial context of the particular sourcing implementation. Consideration must be had to key elements of the plan, triggers for service provider reliefs and the implementation phase’s payment profile. Where feasible, customers and service providers should appreciate the real benefits to documenting what is needed from the other party, setting out in the sourcing agreement dependencies and cooperation requirements. February 2014 28  |  Sourcing Reference Guide

29) SOURCING REFERENCE GUIDE 6. SERVICE LEVELS Foreword Sourcing Structures In a nutshell Offshoring Chapter 3 (The Services Description) explained how the services description documents the services to be provided by the service provider. Two other elements of the overall agreement are closely tied to, and must align with, this services description: the service levels and the service credits regime. Timing, Delivery and Delay â– â–  Sourcing Agreement Structures The Services Description Service Levels In a nutshell The process  Increasing and Reviewing service levels throughout the life of the agreement Conclusion Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution â– â–  Service levels compliment the services description by setting the service levels – which are the standard of performance required for the services being delivered; Following actual performance, monitoring and reporting actual performance against the service levels, service credits are often used to allow deductions from the service charges. By this mechanism, the charges actually paid are adjusted to reflect any sub-standard performance. This part of the Reference Guide considers the issues involved in, and current approaches to, creating a robust and manageable service levels and service credits regime. This Chapter 6 focuses primarily on service levels and Chapter 7 primarily considers service credits. Local perspective In our experience, many customers in the Middle East have previously preferred to contract on a resource augmentation/body shopping basis, meaning that service level regimes have been absent from their contracts. As customers in the Middle East look to further benefit from their sourcing relationships they are moving away from resource augmentation models and introducing service levels for the first time, making the principles set out in this chapter particularly important. The process As mentioned, service levels document the performance standard required by the customer and how it will be measured. How, and when, do the parties draft and agree this important component of the overall agreement? Ideally, draft service levels are issued to potential service providers as part of the bidding process. Including service levels in the bidding process provides the service provider with additional information to help it prepare its technical and financial response. The extent to which service providers can demonstrate that they will fulfil these service level obligations then becomes a key part of the evaluation process. However, the customer will only be able to include service level information at this early stage where it has a firm and detailed understanding of its own services requirements (which is not always the case) and its performance demands. 29  |  Sourcing Reference Guide

30) SOURCING REFERENCE GUIDE Many sourcing transactions concern services which have historically been provided in-house by the customer. However, customers should allow for pre-existing ‘internal’ service levels not being sufficiently robust and/ or detailed to form part of a formal sourcing agreement. More often the customer’s technical, commercial and legal teams (perhaps working with external expertise) work together to draw up the service level regime. The technical team focuses on the technical details of the service and the commercial team on identifying the business functions and/or processes to be delivered and the level of service performance required. The legal team then ensures that the service level regime is properly incorporated into, and consistent, with the overall sourcing agreement so that the required rights and remedies are available at the appropriate times. â– â–  â– â–  â– â–  â– â–  an understanding of the impact of volume and workloads on service quality. Both average and peak volumes for data storage and processing should be considered; any available projections for the use of the services. The service level (and indeed service credits) regime may need to be scalable; categorisation of all information according to specific elements of the services (to avoid creating different measures for the same performance issues); whether or not there should be any initial beddingin period. During a bedding-in period service levels are only monitored for information purposes; service credits do not apply; the measurability of service levels. These need to be easily and objectively measureable in a proportionate way; it is important to avoid creating a measuring and reporting industry in itself. An alternative approach, which is sometimes used, is for the service provider to monitor the internal provision of such services for a finite period post signature, document its findings and submit these to the customer for approval. â– â–  Where the sourcing is a “second generation” sourcing the customer is likely to have a good head start on this part of the agreement. Second generation means the transfer of an existing service from an incumbent service provider to a replacement provider. In these cases, the incumbent’s service levels are likely to be well documented and may prevail – at least until they are replaced with any new requirements of the customer. Armed with this information, the service levels regime can be prepared. Preparing the Service Level regime In setting the specific service levels and service credits, a customer should: â– â–  Checklist of key information Before drafting a successful service level regime the following information should be obtained: â– â–  â– â–  â– â–  available historic information regarding the customer’s requirements for the services; accurate, realistic information as to the actual needs of the business users and the underlying business (this may differ from the historic information); any available and applicable industry standard service levels (sometimes these will prove higher than the customer has been providing in-house). 30  |  Sourcing Reference Guide â– â–  identify from the users and business, those parts of the services which need to, and can, be measured and the standard to which the services must be provided. Not all elements of the services will be (or, indeed, should be) measured and/or have service credits attached. In all likelihood only the crucial elements of the services will be subject to service levels and, in practice, it is possible that some of these will not be easily measureable; ensure that the service levels attached to services are clearly defined, objectively measurable and achievable. Volume, timing and frequency are the essential measurable criteria;

31) SOURCING REFERENCE GUIDE â– â–  â– â–  decide on the tolerable degree of variance from the required standard (by way of exception rather than the norm). This degree of tolerable variance will then be subject to service credits – which are discussed more fully in the next chapter; and identify minimum service levels. If the service falls beneath these minimum performance levels, additional remedies become available to the customer. In practice, the devil is in the detail for service levels. For example, what happens to measurement outside of normal service hours (i.e. if a service need only be available in business hours and there is a 24 hour fix time, is that a continual 24 hours or does it only catch the service hours)? How does the agreement treat events which occur only infrequently or very frequently? The statistics for measuring each of these over a particular time period can be misleading. Draft service levels need to be interrogated to identify and resolve these sorts of issues – but nevertheless avoid overcomplicating the regime. Multi-country sourcings Service levels for multi-country sourcings should take into account the fact that few services are truly global in application. Equally some service providers are unable to deliver all services, to the same service levels, in multiple locations. Reasons for these challenges can include reliance on local staff and/or sub-contractors and limitations imposed by local market conditions and/or infrastructure. That said, several approaches have been successfully implemented by leading service providers in the business process outsourcing market to harmonise service provision. Even if limitations exist, they are not necessarily problematic for the customer; in all likelihood not all services being offered will be required in all locations to the same overall standard. Desktop services example: Local stocks and/or existing support personnel are unlikely to be readily available at more remote locations, which will necessarily affect response and fix times. However, this need not prove problematic. The customer may really require a fast response only for core infrastructure run from, or used in, its main locations – in other locations it may well be able to tolerate a slower response. Another key consideration is whether to have service levels measured purely on a local agreement by local agreement basis, or to aggregate them to be measured at the overarching agreement level or perhaps on a regional basis. This allows a wider view to be taken of the global service delivery, but might also mean that serious issues arising in a single jurisdiction do not trigger the right remedies and/or escalation. Increasing and Reviewing Service Levels throughout the life of the agreement Increasing the standard and reviewing performance The customer may well want to impose an improving standard of service levels in order to incentivise or require improvements in performance. (Alternatively, the customer may require the service provider to refresh the technology and this will bring improvements to the services.) 31  |  Sourcing Reference Guide In so doing, it is important to realise the impact that fairly small percentage adjustments to a service level will have on the standard of service. For example, in the context of a 24 x 7 service requirement, a requirement for 99.99% availability over a 12 month period will only allow for about 30 minutes or so of down time over the whole year whilst a 0.49% reduction to 99.5% will equate to 43 hours or so of downtime. This, in turn, should translate itself into significant cost differences and risk premiums because of the system redundancy and disaster recovery arrangements that would have to be built in to reach that higher service level. Review Where the sourcing is first generation (i.e. in-house to service provider), the contractual service levels are often reviewed and adjusted 6-12 months into the service provision. This is a pragmatic approach to the difficulty customers face in accurately identifying and documenting the correct service levels before their first transfer from customer to service

32) SOURCING REFERENCE GUIDE provider. A service level review, and adjustment, is also common where the service provider is afforded an initial “bedding down” period after taking over the service (again, this is most common on a first transfer from customer to service provider). Beyond this stage, most service level adjustments will be subject to whatever change control or/review mechanism has been agreed between the parties. service levels (and the probability of being caught) must outweigh the saving of not making the investment. Equally, the costs of failing on different aspects of the services (to the extent that these are interrelated and/or that the cost of providing them by the service provider is interrelated) must not outweigh the profitability of the agreement for the service provider. This concept is explored further in Chapter 7 (Service Credits). The customer must carefully consider its needs as to service levels over the duration of its sourcing agreement and ensure that these requirements are included in a clear and measurable way within the agreement. Balance is the key. The customer will probably demand that specific elements of the services remain at the existing standard or improve. However attaching a service level to every element of the services can make the whole regime too complicated, time consuming and costly – preventing it from achieving the very improvements and incentives that it set out to achieve. Ensuring that the service provider makes the investment necessary to achieve the required availability goes beyond a contractual commitment. The cost of failing to reach the March 2014 Conclusion An example service level Software Support At a high level lies a blurred line between the service prescribed in the service definition and the service level attached to it: â– â–  Service: “to provide software support services 24 x 7”; or Service Definitions Service “to provide software support services” coupled with Service Level “24 x 7” Neither example is sufficiently precise for the sourcing agreement which might describe the concept as follows: â– â–  Service Level Software Support Services SSS Time to respond to call Time to commence fix Time to fix (once commenced) 3 rings within 1 hour within X hours SSS Category 1 Time to respond to call Time to commence fix Time to fix (once commenced) 3 rings within 30 minutes within 2 hrs 90% of the time within 4 hrs 95% of the time within 6 hrs 98% of the time within 12 hrs 99% of the time within 18 hrs 99.5% of the time within 24 hrs 100% of the time SSS Category 2 Time to respond to call Time to commence fix Time to fix (once commenced) 3 rings within 1 hour within 4 hrs 90% of the time within 8 hrs 95% of the time within 24 hrs 99% of the time within 48 hrs 100% of the time Availability Alternatively the agreement might measure the related concept of “availability”. The agreement now becomes one for the service provider to ensure that specified 32  |  Sourcing Reference Guide hardware and software is available (for use at specified minimum volume levels) 95 per cent or 98 per cent or even 99.999 per cent of the time.

33) SOURCING REFERENCE GUIDE 7. SERVICE CREDITS Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits In a nutshell Key issues Performance monitoring  Changes to the service level and service credit regime Conclusion In a nutshell In the absence of a service level and service credits regime, a customer suffering poor performance might need to bring a breach of contract claim against its service provider before the issue is taken seriously. Clearly, this approach would not be helpful for either party. It is in both the service provider and the customer’s interests to focus on remedying any poor service performance rather than to spend resources on defending/bringing a related legal claim. The parties, therefore, usually agree a mechanistic way to compensate the customer for degraded service performance. First, reports comparing actual service performance to contractually agreed service levels are produced periodically. Then, where the service provider has under-performed, the information in the report is used to calculate in a formulaic way deductions (“service credits”) from the charges applicable for the relevant period. Tax This chapter focuses on the concepts behind, and common ways of structuring, service credit regimes. Service levels, to which the service credits regime applies, were considered in Chapter 6. Benchmarking and Continuous Improvement Key Issues Charging Models Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution 33  |  Sourcing Reference Guide The overall concept: remedy or price adjustment? Before developing a service credit regime it is vital that the parties agree the principle behind it. There are two schools of thought. â– â–  The first is that service credits operate as a remedy and provide the customer with pre-agreed financial compensation for degraded performance. It follows, in theory at least, that service credits are set at a level which reflects the predicted loss suffered by the customer should the performance of the services prove to be sub-standard. It is also arguable, in this model, that service credits should be the customer’s only remedy for poor performance (unless levels fall to a critical level);

34) SOURCING REFERENCE GUIDE â– â–  Alternatively, service credits can be seen as a price adjustment mechanism; if the service is substandard then the customer pays less. This model accepts that, potentially, the loss suffered by the customer for degraded performance is significant. It leaves open the possibility of the customer claiming damages for poor performance alongside service credits. (Any damages paid to the customer would most likely be discounted to take into account the part compensation via the service credit regime). Basic service credit regime As a minimum, every service credit regime needs to identify: â– â–  â– â–  â– â–  Performance Level Attained Much of what follows in this chapter needs to be read bearing in mind these two, alternative, approaches. the level of (under) performance at which service credits begin to apply; the size and calculation of the service credit deductions; and the acceptable minimum service level for each key element of the services Possible service debit zone (not common) Service levels “Acceptably unacceptable zone” service credits apply – may or may not be customer’s sole remedy Minimum service levels Unacceptable performance additional remedies are triggered Critical level/outage Critically poor performance – triggers additional remedies which may include termination rights Service Credits Agreeing the financial size of service credits In an agreement which treats service credits as a remedy, the customer should seek to set each service credit at a level which approximates its predicted loss for that particular service’s under-performance. The challenge with this approach is that often the potential loss to the customer far outweighs the level of risk which it is realistically viable for the service provider to accept given the anticipated profit margins on the overall agreement. For this reason, many agreements treat service credits as a price adjustment. Now compensation is set so that the service provider pays or credits the customer for underperformance at a level which acts as a fair incentive to the service provider to improve its performance but which does not represent the total loss to the customer. 34  |  Sourcing Reference Guide Where circumstances support it, it is possible to agree a hybrid where most service credits operate as a price adjustment but higher service credits (akin to compensatory liquidated damages) apply to particular key service levels in particular circumstances. Weighting Not all of the services will be equal in terms of importance to the customer and cost of provision. To reflect this in the service credits regime, services can be grouped and weighting applied. This weighting might reflect the consequences for the customer’s business of the absence or degradation of those particular services. Alternatively (and this would likely be a different grouping) the services could be grouped by cost of the services, with each group of services allocated a notional service charge and a percentage applied to each service element in the service group. If the service fails then the relevant percentage deduction is applied to the notional charge.

35) SOURCING REFERENCE GUIDE Caps on service credits The agreement might place a limit on the service provider’s exposure to service credits. Any cap on service credits is often a subject of much discussion during negotiations. Whilst the customer may, conceptually, like the idea that all of the service charges are at risk over the agreed measurement period, this is unlikely to find favour with the service provider which will, most likely, be keen to limit its exposure to a maximum of its anticipated profit margin. If service credits are expressed to be the customer’s sole and exclusive remedy then the cap on service credits is likely to be higher to reflect this. If, however, the customer succeeds in its argument that service credits should not be its sole and exclusive remedy, the cap on service credits may well be lower. Many service providers propose a monthly cap on service credits. However, from the customer’s perspective, an annual cap is arguably preferable because service credits which are not accrued in any one month are, effectively, reserved for subsequent months in the year. Earn back of service credits Sometimes it is appropriate to allow a service provider to potentially “earn back” service credits where it remedies its poor performance and this does not reoccur after a given period of time. If it is important for the customer to receive a quality service then this kind of incentive mechanism should be considered. The ratchet has the potential quickly to erode profit margins and therefore ensures that the customer obtains the service provider’s senior management attention. It also ensures that the service provider cannot “hover” in the regularly under-performing zone without incurring significant service credits. The sole and exclusive remedy? If service credits are genuinely intended to be an accurate pre-estimate of the customer’s loss, it follows that they should constitute its sole and exclusive remedy for underperformance. However, in reality, the consequences which can flow from a dip in performance are wide-ranging and might be far greater than the amount the service provider can commercially have at risk. This makes, the “one size fits all” approach to service credits unlikely to work. That said, regardless of whether service credits are being treated as a price adjustment or remedy for loss suffered, a customer may consider reserving additional rights, exercisable only where certain circumstances arise. The ability to claim damages on top of any recoverable service credits, and in extreme circumstances the right to terminate a service provision or possibly the agreement in its entirety might, for example, be available; â– â–  Ratchet – for repeated and persistent failures In structuring the service credit regime, the customer needs to give thought to the extent to which it will allow poor service performance to continue for an extended period of time without being able to take further action. What is the maximum period of time for which it could make do without a fully performing service? By attempting to answer this question, at least for the key services, the customer may consider applying a multiplier to the applicable service credit and to agreeing a cut-off point at which the customer can claim damages and/or terminate. In so doing, it is common to devise a service credits mechanism that has a “ratchet” so that if poor performance continues, the amount of money deducted from the charges increases (for the same under-performance). 35  |  Sourcing Reference Guide on failure to meet minimum service levels. Service credits are intended to deal with “acceptably unacceptable” levels of performance. The minimum service level for any particular service represents the bottom, or floor, of the customer’s service level “tolerance” for that service; â– â–  if data is lost or corrupted; or â– â–  if the service provider is found guilty of theft or fraud. Service debits Where appropriate sourcing agreements should incorporate a service debit scheme by which the service provider is rewarded for over-performance. In those cases where the customer is able to identify particular benefits from over-performance, it is clearly an incentive to service providers to include such a scheme. One favoured approach is to allow service debits to cancel out service credits rather than to have a specified monetary value in themselves.

36) SOURCING REFERENCE GUIDE Any service debit discussion should also consider the possibility that improving service levels over time might be built into the agreement. Performance monitoring The service levels and service credits framework is of little use without the monitoring of actual performance. Key is to agree a process which is both efficient (avoiding a “cottage industry” of measuring and reporting); and effective (meaning that service provider management is notified and motivated to resolve performance issues). The basic performance measurement tool is often a monthly performance report which is discussed in the agreement management forum. This report includes: â– â–  performance statistics for all established targets; â– â–  an analysis of actual performance against those targets; â– â–  details of any key incidents or exceptions; â– â–  â– â–  root, cause, analysis (why did any underperformance occur?); and recommendations/steps already underway for improving performance. For multi-country sourcings, another key consideration is whether to have service levels measured purely on a local agreement basis, or to aggregate them up to be measured at the master agreement level, or perhaps on a regional basis. Aggregation allows a wider view to be taken of the global service delivery, but might also mean that serious issues arising in a single jurisdiction do not trigger a significant level of service credits. The service provider may also prefer to tie service credits to the individual country where any issues have arisen, so as to link the “risk” of service credits with the “reward” of the level of billing in that jurisdiction. Chapter 6 (Service Levels) explained how seemingly small percentage changes in performance can prove significant in practice. To help senior management to understand the report’s numerical information, a RAG report (where performance is colour coded red, amber and green) can be invaluable. Many agreements also deem non-reporting, or failure to report in any meaningful way, as a failure to meet service levels (unless this resulted from the customer’s failings such as a failure to provide information). 36  |  Sourcing Reference Guide Changes to the Service Level and Service Credit Regime Over time, the customer may wish to add new service levels to reflect the delivery of additional services. Parties will then need to agree, via the change control procedure, the relevant service levels and any impact on the overall service level/service credit regime. However, to the extent that new services are variations on or similar to existing services, the existing service levels should be taken as the benchmark. At the time that the service level/service credit regime is established, the customer will, to some extent, be making an educated guess as to the impact on its operations of any particular under-performance. Because of this, the customer may wish to reserve the right to adjust the number of points or weighting which can be accrued if a particular service level is missed in order to reflect more accurately its impact. This should be acceptable so long as the change does not affect any overall cap on the maximum value of the service credits that can be claimed. The risk to the service provider is that the regime becomes unfairly biased towards a particular issue which is causing problems at a particular time. A reasonable compromise which should give the service provider some protection against this risk could be to cap the weighting applied to each service level. Conclusion Both parties benefit from a clear and structured service credits regime. It incorporates pricing flexibility into the sourcing agreement by providing the customer with a degree of financial recompense for under-performance; this in turn incentivises the service provider to meet the agreed service levels. Remember, the aim is to encourage and reinforce the service provider’s behaviour. Focus upon the services which really matter to the customer, be realistic as to what the service provider can offer, and keep measurement and reporting requirements proportionate. As a result both parties should be free to concentrate on correcting any performance issues without being distracted by formal proceedings. March 2014

37) SOURCING REFERENCE GUIDE 8. CHARGING MODELS Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring IN A NUTSHELL The charging regime is a fundamental part any sourcing agreement and must achieve a number of things: â– â–  Timing, Delivery and Delay Service Levels Service Credits Charging Models In a nutshell â– â–   Process for establishing the most appropriate charging regime Pricing Models Price Variations Other relevant considerations Local perspective: Middle East â– â–  Conclusion Tax Benchmarking and Continuous Improvement Compliance Data Protection the customer should have a clear understanding of its existing costs for the services, and how the costs after the sourcing may differ. The charging regime must therefore set out, as clearly and concisely as possible, the price the customer is required to pay for the services. This sounds straightforward. In practice, however, the variety of pricing models and the differing ways in which charges can be structured can make this a challenging task. the charging regime must anticipate the wide variety of circumstances, both internal and external to the parties, which could affect the cost (to the service provider) of service delivery. Which of these circumstances should alter the price paid by the customer for the services and how will those price adjustments be calculated? the regime must also interact properly with other important parts of the agreement. For example: liability (since limits are often calculated by reference to charges); the service credits regime (which may operate as an automatic price adjustment mechanism); change control (which relies on a clear baseline with which to compare variations) and termination (to enable the calculation of any termination payments). The fact that these other areas will be evolving at the same time as the charges regime adds to the complexity of the task. Exit Management As a result, there is no such thing as a “one size fits all” charging regime. Instead, a range of options must be combined in a way which meets the underlying objectives of each party, the nature of the deal in question and available budgets. Subcontracting: Risk, Liabilities and Managing the Relationship Almost inevitably the charging regime forms a schedule to the agreement and the terminology in the rest of this chapter assumes this to be the case. TUPE and Employee Issues Termination Triggers Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution PROCESS FOR ESTABLISHING THE MOST APPROPRIATE CHARGING REGIME In the initial stages, when the parties are considering what shape and structure the charges schedule should have, both should consider the following factors. â– â–  â– â–  37  |  Sourcing Reference Guide The customer’s top level requirements: for example, a charging schedule developed to provide cost certainty will look quite different to one which prioritises flexible charging for flexible service demands; Existing costs: it is in both parties’ interests to ensure that the customer does not find itself having procured an unaffordable service. Therefore the customer should have a clear understanding of its existing costs for the services, and how the costs after the sourcing may differ;

38) SOURCING REFERENCE GUIDE â– â–  â– â–  â– â–  Service provider’s expectations: similarly, the service provider should be given sufficient certainty of cost recovery and profit as early as possible in negotiations. A “brittle” contract, caused by a charges schedule which unduly penalises the service provider, does not benefit either party; Ease of Use: the charging schedule should be easily understood and straightforward to use in practice. Without this it will prove difficult to track whether payments are being correctly requested and made; Transparency: if variations to the charges are to be allowed, then the parties should ensure that there is a method for verifying these in a way which gives confidence to both sides; â– â–  Flexibility: it is inevitable during the course of the project that external factors will influence the cost of provision of the services. The charging schedule must anticipate these factors and decide whether and how these will impact the price to be paid by the customer. PRICING MODELS Initial Considerations As mentioned above, there are a number of different pricing models which may be used. Figure 1 summarises the pros and cons of certain common models. Figure 1 Type Time and Materials Cost plus Fixed price Pay as you go. No minimum volumes. Base cost/baseline volumes plus variable element at a pre-set fee per unit. Actual costs to the service provider plus a profit margin. Pre-agreed price. Pros Flexibility. Cons Lack of certainty. Simple to understand. “Pure” Transactional/variable “Impure” Transactional/variable Description Set rate per hour/day/work. Lack of discipline. Works where scope unclear. Shifts risk to customer. Flexibility. Unit cost might be too high Certainty and flexibility provided the unit is correct. Danger of setting the baseline incorrectly. Appears transparent. Not reflective of usage How accurate is it? Certainty. Is it the right price? Administrative ease. Fixed only for a certain scope. Allows like for like comparisons between bids. In practice, most projects involve not one of these models but a combination – for example a fixed charge for transition followed by a variable, unit based, charge for the operational services. Choosing the right approach for any given sourcing involves analysing what each model has 38  |  Sourcing Reference Guide What happens when the scope changes – increases or decreases? to offer, weighing up its benefits and disadvantages and comparing these against the customer’s business driver for sourcing the particular service or function in the first place.

39) SOURCING REFERENCE GUIDE Certainty v flexibility Probably the most significant issue is to strike the correct balance between certainty and flexibility. Figure 2 shows “at a glance” where different pricing models lie on the flexibility and certainty scale. Figure 2 pricing models flexibility Time and Materials “Pure” Transactional/ variable “Impure” Transactional/ variable Fixed Price certainty Inputs v outputs Another significant factor is whether the pricing will be calculated by reference to inputs or outputs: â– â–  Input-based pricing directly links the price to the amount of resources used by the service provider to deliver the service. Examples of “inputs” include day-rate pricing and pass through of third party costs. Input based pricing is relatively transparent and easy to calculate. However, from a customer’s point of view a service’s input cost might not reflect its value to the customer. Also, the customer’s service provider may be less incentivised to develop efficiencies under this model. Under output-based pricing the service provider is paid based according to what is delivered to the customer (e.g. calls handled; computing power provided). This is the more common model in sourcing, since it enables the customer to more closely align the pricing with the value to the business, and encourages innovation by 39  |  Sourcing Reference Guide Time and Materials pricing A time and materials (“T&M”) model is often used where the scope of the services is unclear. It benefits from being flexible and easy to understand but, if used completely unrestrained, shifts all of the pricing risk onto the customer. T&M operates most effectively in combination with upper charging limits and strong contract management to ensure the costs do not escalate out of control. It is often accompanied by an “open book”/“cost plus” mechanism, to give some greater control over the pricing, and this model often incorporates a discounted rate for services as volumes increase. Fixed Price Cost Plus â– â–  the service provider. However, ensuring that the unit price is set at the right level and that payments are only made for the correct outputs can prove challenging. A fixed price model has, on its face, certain obvious advantages. It is a simple model to understand (certainly compared with some of the other potential models where usage or other variables must be measured) and it should provide certainty for both sides. However, a poorly designed fixed price model can fail to deliver either certainty or clarity. This is particularly so where the scope of the fixed price is too narrow, or there are a large number of assumptions in the contract which prove to be incorrect. In these circumstances the service provider might seek additional charges which were unanticipated by the customer and (more importantly) fall outside its project budget. Such a scenario is difficult for both parties; the customer faces an increased bill and the service provider risks a deterioration in its relationship with the customer. In addition, a fixed price model may not represent the best deal for the customer. Its service provider will typically (and reasonably) build a premium into the fixed price to cover unexpected cost variations. It follows that, where the anticipated “unexpected” does not happen, the fixed cost might be higher than the total cost would have been under a time and materials model. What’s more, the fixed price model does not benefit from the flexibility inherent in a unit based pricing model, to ramp down the services (and therefore the cost) if demand falls.

40) SOURCING REFERENCE GUIDE Therefore, when considering a fixed price model: â– â–  â– â–  â– â–  the customer should allow the service provider to carry out sufficient due diligence (which will minimise the number of assumptions built into the model); both parties should ensure the boundaries of the fixed price contract, and the implications of over-stepping such boundaries, are well defined; both parties should ensure the services description is properly aligned with the pricing model; and position to avoid needlessly under-using the capacity it has (therefore over-paying) or blindly exceeding the banding (and therefore, potentially, exceeding its budget). PRICE VARIATIONS As mentioned, any charging schedule must anticipate how the underlying costs of providing the services might vary over time – and to what extent this will should affect the charges. Common variables include: â– â–  â– â–  the control management procedures should be precisely and sufficiently robustly to prevent abuse of the change control mechanism. Transactional/Variable/Unitary pricing â– â–  Often known as “pay as you go” or “unitary pricing”, the key to this pricing model is to ensure the correct unit is chosen and expressed in the agreement. For example, if the unit is a “call” to a helpdesk: â– â–  â– â–  â– â–  â– â–  does this capture all calls that are made, whether they are answered or not, or only those calls which are answered? â– â–  does it include emails? is there a way to prevent double counting if there is more than one call on the same issue? does it exclude calls which are a result of service provider failures? The “baseline” volume for each unit should be well understood in advance, as neither party will welcome actual volume levels which differ widely from expectations. Ideally the sourcing should include mechanisms for forecasting volumes and ways to deal with spikes in demand. Most transaction based models include lower and upper thresholds. The service provider will seek a minimum volume/payment to at least cover its fixed costs; customers will argue for a price ceiling. Some models take into account unit volumes but charge according to bands. In these “partially variable” models careful consideration needs to be given as to where to set the banding. Once agreed, the customer should monitor its 40  |  Sourcing Reference Guide â– â–  â– â–  Inflation/Indexation – what index should be used; how many of the charging elements will be subject to indexation; and should indexation be capped? Currency Fluctuations – particularly where the service provider is paid in one currency but incurs costs another (e.g. offshore). Usually one party accepts, and hedges against, currency risk. However, if currency fluctuations are allowed to affect the price, then the frequency of calculating these and any ceiling and/or floor on price movement should be agreed. Delay payments/service credits – a form of preagreed or “liquidated” damages payable usually for poor performance or, in some circumstances delay in reaching a milestone. For further details on service credit regimes see chapters 6 and 7 (Service Levels and Service Credit regimes). Gain-sharing – this operates to prevent the service provider making excessive profits from the outsourcing deal. For example it might be agreed that the service provider should receive a 10% return, but in practice it achieves a 20% return. Under gain share the extra profit is shared with the customer. The practical challenge is that gain share requires “open book” accounting with transparency from the service provider as to its profits. Benchmarking – in longer-term contracts (around 5 years or more), usually with commodity pricing elements or a likelihood that market price will fall over the term, an independent expert will review the pricing and decide whether it still provides good value to the customer. The expert’s view may automatically generate a price reduction for the services found to no longer be good value. Benchmarking is explored further in chapter 10.

41) SOURCING REFERENCE GUIDE OTHER RELEVANT CONSIDERATIONS No pricing model is complete without details of how payments are to be made and other more logistical considerations. Exact arrangements will vary from case to case, but will cover numerous areas ranging from the format of invoices to, in appropriate cases, withholding tax arrangements. Middle Eastern countries, even if interest on late payments is lawful, local practice may restrict the way in which the interest is calculated. Given that payment timeframes can be longer in the Middle East than in some other parts of the world, the ability to charge interest on late payments (or inclusion of a suitable alternative) is a real issue which therefore requires specific consideration of the local laws during the procurement and contract drafting process. Local perspective: Middle East Whether a service provider should be entitled to charge a customer interest on late payments, and the rate of such interest, is a topic which is often discussed and resolved fairly swiftly in the context of a sourcing agreement. This is not always the case in the Middle East where, in some jurisdictions, charging interest is strictly forbidden. For instance, in the Kingdom of Saudi Arabia, even if the parties agree to an interest on late payments clause, such a clause is likely to be found contrary to sharia principles and, therefore, unenforceable. In other CONCLUSION The customer and service provider may approach pricing with different, often opposing, goals. However an experienced team can guide the parties through negotiations, crafting a flexible charging structure which satisfies the needs of both. Figure 3 summarises some of these differing perspectives, and how the initial negotiation of these could be handled. April 2014 Figure 3 Issue Cost of service element/supply costs Service provider Perspective Hesitant to share profit margin and cost. Keen to pass on third party costs (and increases on these) to customer and also pass on the costs of its bid. Time to discuss the pricing model; pricing variations Keen to push back discussion on costs and pricing model until full due diligence conducted or verification complete (potentially after contract signature) and therefore keen to include a number of assumptions on which price is based. Keen to engage change control to allow for price variations. 41  |  Sourcing Reference Guide Customer Perspective Negotiation Approach Keen to obtain full picture of the cost of outsourcing service. Determine the key cost elements on which the pricing should be based and identify which elements are likely to vary the most, when and why. Needs accurate assessment of cost to ensure value for money. Both parties should consider if any elements of the pricing Needs to assess how much structure could be variable. This the service costs in-house to will all result in a more accurate ensure correct comparator. estimate of the actual cost of the service element. Crucial to understand costs Customer to set out the preferred at the outset to be able to do pricing model at RFP stage comparative assessment. to enable good comparative analysis between bidders. Needs to avoid being vulnerable to unpredictable Clearly draft change control changes to charging regime. mechanisms setting out when and how prices may vary (perhaps Seek to set parameters within setting bands of price changes as which pricing may vary if volumes/numbers change) and set circumstances may change. out what happens if assumptions are proven to be incorrect.

42) SOURCING REFERENCE GUIDE Providing the service will often cost a service provider more at outset (taking on new staff/equipment, new technology, establishing services) – therefore it will want to either front-load costs or perhaps agree to spread it over contract term for a higher contract price overall. Factors influencing Issue for service provider price (such as currency if paid in one currency fluctuations, inflation, but costs rise in another – milestone payments) discrepancies can arise, or windfalls. Consider pre-agreed formula for calculation of price for certain foreseeable changes/ additions to the service. Consider if customer could pay “start-up” fee as spreading the cost over the term could increase the overall project price. Need to avoid taking the hit Ascertain risk profile for both of currency fluctuations and parties and headroom in initial increased price. budget to determine who takes the foreign exchange risk. Milestone payments should Common for service provider not be “signed-off” before to undertake currency hedging, a period of successful liveIn respect of milestone but could push up overall price. payments, service provider running. Consider linking inflation needs to limit the grounds to a more appropriate index for automatic repayment than retail price based indices (to enable revenue to be (consider multi-jurisdictional “recognised” for accounting reach) and consider using purposes). different indices for different service elements. Link milestone payments to achievement of meaningful events. Regulatory compliance Concerned over committing Customer needs to ensure Discuss if service provider to their products/ service providers do not would have to make changes services complying with jeopardise its compliance regardless of any regulatory all applicable laws and with mandated rules, and changes affecting the customer regulatory requirements. that remedies are available and split costs of compliance to offset potential liability. proportionately. Contract Term Preference to have longer Ideally contract term with an Tendency now is to favour term contract as guaranteed initial period and an option to shorter term contracts (less revenue. extend so there is flexibility than 5 years). Having the for customer to look ability to terminate after elsewhere for a better deal. an initial term or the option to extend provides greater flexibility for both parties. Profit and savings Seek to maximise profit Seek to reduce service Balance needs to be struck (including through change provider profit so that it between value for money and control). is paying less for service. allowing the service provider Risk that pushing price enough profit to enable proper down too much could service delivery. result in declining service standards, service provider staff leaving and reduced investment in technology by service provider. 42  |  Sourcing Reference Guide

43) SOURCING REFERENCE GUIDE 9. TAX Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax In a nutshell VAT Financial sector perspective Insurance sector perspective Offshoring Local perspective: Australia Conclusion Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution IN A NUTSHELL Tax issues are central to any sourcing negotiations and should be considered from the outset as they can significantly impact both the cost and the risk of the sourcing project. In certain cases, it is prudent to obtain advance rulings from the relevant tax authority to achieve certainty of tax treatment; sufficient time should be made available for those rulings to be obtained within the overall planning timetable. VAT GENERAL PRINCIPLES For UK customers, VAT is often the most significant tax consequence of moving a previously in-house function or service to a third party, the service provider. When UK employees carry out administrative and other tasks in‑house, there are no supplies for VAT purposes. However, when the same work is carried out by a separate business, then for VAT purposes there will generally be a taxable supply of services, and VAT will need to be accounted for by the service provider. In turn, the service provider will add VAT onto its prices. For most customers outside the financial services, insurances, health and education sectors, the VAT charged by the service provider is no more than a cash‑flow cost because the VAT is recoverable from the tax authority as input tax. Indeed, VAT “washes through” generally because the service provider can recover VAT on all the costs it incurs in providing the services, and so there should be no element of irrecoverable VAT included in its charges to the customer. But for VAT‑exempt customers, which cannot recover much of the VAT they incur on costs, paying VAT on sourced services is a significant cost that must be factored in to the decision to move the function or service provision from in-house to a third party provider. It should be noted that some sourcings in the financial, insurance and educational sectors qualify for exemption, and these are discussed below, but sourced services of an administrative kind will be taxable. Did you know? In the past, it was more straightforward for UK customers to avoid the adverse impact of a VAT charge by ensuring that the service provider qualified as a member of a group for VAT purposes. However a clamp‑down on VAT avoidance means that this approach is unlikely to be effective where the service provider and the customer are not closely connected. Added to this, the EU “VAT package” in January 2010 changed the VAT treatment of many cross border services. VAT therefore became a real cost for EU businesses sourcing their administrative and back‑up services from low cost jurisdictions, whereas previously such services were VAT‑free. This made many EU businesses question the advantages of sourcing services from outside their local jurisdiction. 43  |  Sourcing Reference Guide

44) SOURCING REFERENCE GUIDE OFFSHORING Where a service provider supplies a customer with services cross‑border, the VAT rules are: 1. If the service provider has a “fixed establishment” in the same jurisdiction as the customer, VAT will be charged in that jurisdiction. (“Fixed establishment” means a permanent base or branch with sufficient human and technical resources to provide the services.) 2. If the service provider does not have a fixed establishment in the same jurisdiction as the customer, then the general rule for customers based in the EU is that the customer will need to account for VAT under the “reverse charge”. This means the service provider does not need to charge any VAT in its jurisdiction, but the burden of VAT accounting falls on the customer. The VAT for which the customer has to account to the tax authority is also recoverable as input tax from the tax authority if the customer is carrying on a fully taxable business. Accordingly: 2.1. or fully taxable customers the impact of VAT on f the reverse charge is simply a paper entry, without any cash‑flow cost; but 2.2. for VAT‑exempt customers the reverse charge represents a real cost (if it exceeds the cost of buying in the services from a service provider in the same jurisdiction). PLACE OF SUPPLY Where the service provider and the customer are based in the same jurisdiction, it is clear that VAT needs to be paid in that jurisdiction. In complex sourcing arrangements, however, where the service provider and the customer each have different entities and branches involved in several different jurisdictions, the parties need to reach a conclusion on the proper VAT analysis (i.e. who is supplying what to whom). Depending on the precise arrangements, there may be a single supply of services from the headquarters of the service provider to the headquarters of the customer, with the service provider’s associated entities providing sub‑contracted services to the headquarters of the service provider, and the headquarters of the customer supplying on those services received around its group. 44  |  Sourcing Reference Guide Alternatively, it may be that the contract between the headquarters of the service provider and customer simply sets out the basis of agreement between the parties, known as a framework agreement, whilst services are separately supplied at a local level by the local entities of the service provider to the local entities of the customer. (Sourcing Agreement Structures including framework agreements are discussed at chapter 2.) A proper analysis of the commercial arrangements must be carried out in order for the parties to fully understand the VAT implications and where the VAT liability falls. DRAFTING ISSUES The impact of VAT needs to be fully addressed in the sourcing agreement. The service provider will naturally want to pass on, as part of its costs, any irrecoverable VAT it incurs in providing the services, and any VAT chargeable on its services. The customer, on the other hand, will not wish to pay VAT on the services if it cannot recover all of the VAT. It may wish to negotiate both the impact of VAT and where the risk of VAT should fall. The following issues arise: 1. Is the service provider supplying the services from a business or fixed establishment outside the customer’s jurisdiction, so that the burden of VAT falls on the customer under the reverse charge? 2. What if the service provider sets up an establishment in the same jurisdiction as the customer during the life of the contract in order to perform the services? 3. If the customer cannot recover all its VAT, does it wish to negotiate (i.e. share the VAT cost) with the service provider? Should the fees be VAT exclusive (so the risk of VAT falls on the customer) or inclusive (so the risk of VAT falls on the service provider)? 4. If the customer is liable to account for VAT under the reverse charge, but the service provider has agreed to bear part or all of the VAT cost, the drafting must enable the customer to deduct the VAT from the fees payable to the service provider. 5. If there is a question mark over whether the service provider’s services are exempt or taxable, who will bear the risk of VAT? Should a ruling from the tax authority be sought? How is the application to the tax authority to be agreed?

45) SOURCING REFERENCE GUIDE 6. Is there a single supply of services with one VAT liability or a number of separate supplies of services, each with its own VAT liability? This concept is discussed below. â– â–  IS THE SERVICE PROVIDER MAKING MORE THAN ONE SUPPLY? It is important to distinguish between a single (composite) supply and a multiple (mixed) supply. â– â–  â– â–  In a single supply, there is only one overall type of supply and one VAT liability with no scope for apportionment. In a multiple supply, a single inclusive price is charged for a number of separate supplies of services, each with their own VAT liability. Where the VAT status of the different services differs the price needs to be apportioned between the different elements for VAT purposes. If there are a number of different services, but there is one principal, or dominant, supply in which the customer is most interested and to which the other services are ancillary or incidental, then for VAT purposes this is treated as a composite supply. The VAT treatment of the ancillary services then follows that of the principal service. There is also a single supply if the services are so closely linked that they form objectively a single indivisible supply which would be artificial to split, even if there is no principal supply. Generally in the context of sourcing, there is a main single composite supply for an all‑inclusive price comprising a single service for VAT, but the customer may add‑on additional optional services for additional fees. These additional optional services would typically be treated as separate supplies, with their own VAT liability. FINANCIAL SECTOR PERSPECTIVE In the UK, banks and other financial institutions typically have a low VAT recovery rate, because the bulk of their supplies are exempt from VAT. This means that much of the VAT they pay on sourcing services is a real cost – and so it is always important to consider whether the services may themselves be exempt from VAT. If they are, the service provider will be unable to reclaim the VAT it incurs on the costs to provide the services. However this additional cost will generally be far less than the VAT cost would be if the service provider was required to charge VAT on its services. There are two important areas where exemption may be available for sourced services. Both are encompassed within a Europe wide exemption for financial services that includes transactions including negotiation concerning deposit and current accounts, payments, transfers, debts, cheques and other negotiable instruments but excludes debt collection. This is a complex area but essentially the two exemptions are: 1. where the sourced service comprises, in itself, the execution of a financial transaction (so that the service itself  benefits from a VAT‑exemption for financial services); 2.  here the service provider provides the sourced services when acting as an intermediary. For example, the service w provider may help set the terms of the contract or make representations on behalf of a client. INSURANCE SECTOR PERSPECTIVE Just as in the financial sector, it is generally desirable for the service provider of services to a UK insurance company to be able to treat its services as VAT‑exempt, because insurers and reinsurers provide exempt insurance services, and cannot reclaim much of their VAT. EU VAT law exempts “insurance and reinsurance transactions, including related services performed by insurance brokers and insurance agents”. 45  |  Sourcing Reference Guide

46) SOURCING REFERENCE GUIDE The key question is, therefore, whether the sourced services can constitute “related services performed by insurance brokers and insurance brokers”, or if not whether they can constitute exempt services of “transactions including negotiation” in relation to financial services, discussed above. The UK VAT law implementing the relevant EU VAT law is somewhat more convoluted and exempts the provision by an insurance broker/agent of any of the services of an insurance intermediary related to an insurance transaction or reinsurance transaction provided the broker or agent is acting in an intermediary capacity. In the leading case, Andersen Consulting Management Consultants provided its customer with a complex package of back‑office functions; acceptance of applications for insurance, handling of amendments to the contract, management and rescission of policies, management of claims, paying commission to agents, managing IT and supplying information. The European Court of Justice held that these services were not VAT exempt because they did not include or involve the essential characteristic of insurance broker or agent – namely the introduction of prospective clients to an insurer. Accordingly, the services were taxable for VAT. To complicate matters, strictly speaking, the UK’s exemption is wider than that permitted by EU law and amendment is required to bring it into line with EU law. However no amendments have yet been made, pending the modernisation of the EU VAT exemptions for finance and insurance services. This modernisation process started several years ago but has stalled. However, we can expect the UK Government to introduce changes in due course to narrow the UK insurance exemption. In the meantime, services such as claims handling assistance in the administration and performance of contracts and run‑off services can still be treated as exempt under UK law even though they would not involve the essential characteristics of an insurance agent or broker as defined by the Andersen decision. In consequence, there is much uncertainty in practice in this area and both service providers and customers need to discuss and agree carefully where the risk of VAT falls at the start of the relationship as well as the consequences of any changes in law. Another difficult area is whether the exemption can apply where the introductory services of the service provider are provided via the internet. A 2010 English Court of Appeal case decided that such web‑based services could be exempt if the services affected the means by which a person seeking insurance could be introduced to a provider of insurance. It was not necessary for the services to involve contract negotiation. OFFSHORING Where a decision‑making process/function is being moved offshore, a number of additional tax related issues need to be considered. For UK customers these are typically: â– â–  â– â–  â– â–  â– â–  â– â–  Should the offshore function be carried on by a different legal entity, or by a branch? What price should be paid for the services from the offshore location? Transfer pricing principles will apply which means that the price paid to the offshore business should be at an arm’s length for tax purposes. If the offshore function is performed by a branch, does it constitute a permanent establishment? 46  |  Sourcing Reference Guide â– â–  â– â–  What are the local tax compliance issues in the offshore location? What are the employment taxes? What is the tax impact if an employee is seconded to the offshore location for a period. What is the VAT impact of the services supplied by the offshore location (see above)? If third parties supply services to the business, to what extent can they be treated as supplied to the new offshore location? Does this save tax?

47) SOURCING REFERENCE GUIDE LOCAL PERSPECTIVE: AUSTRALIA GST In the same way that VAT is critical to UK analysis, in Australia often the most critical tax impact will be the Goods and Services Tax (GST) which the service provider is required to charge on the supply of its services. This is particularly relevant for customers which cannot recover all the GST that they may incur on sourced services because their supplies are input taxed (e.g. banks, financial institutions, life insurance companies and businesses that lease residential premises (including retirement villages)). GENERAL PRINCIPLES When employees carry out administrative and other tasks in‑house, there are no taxable supplies for GST purposes. When the same work is carried out by a separate business, however, then for GST purposes there will generally be a taxable supply of services, and GST will need to be accounted for by the service provider. In turn, the service provider will add GST onto its prices. For most customers outside the financial services and residential leasing sectors, the GST charged by the service provider is no more than a cash‑flow cost. This is because the GST is recoverable as an input tax credit (GST credit). In contrast, entities that make input taxed supplies may not be able recover much of the GST they incur on costs. Consequently, for such entities paying GST on sourced services, GST is a significant cost which needs to be factored in when the decision to source the services from a third party is made. GST IMPACT OF OFFSHORING Where a service provider supplies a customer with services cross‑border, the rules are as follows: 1. If the service provider has a “fixed establishment” in Australia and provides the services through that fixed establishment, GST may be applicable. 2. If the service provider does not have a fixed establishment in Australia and performs the services outside of Australia, it is likely that the services will not be “connected with Australia” for GST purposes (and hence not subject to GST). 3. If the recipient of the services uses those services to make input taxed supplies and the services are not “connected with Australia”, the recipient may be required to pay GST on the acquired services (referred to as “reverse charged” GST). INCOME TAX The Australian income tax issues are similar to those in other countries. These include: â– â–  â– â–  What is the nature of the payment (royalty, service fee, other)?; Are the payments made to a non-resident and if so, are there Australian withholding tax issues in relation to royalties or interest? 47  |  Sourcing Reference Guide

48) SOURCING REFERENCE GUIDE â– â–  â– â–  â– â–  Does the sourcing agreement include a clause which grosses up any withholding tax? Should it do so where the non-resident recipient can claim a credit in its home jurisdiction? Does the sourcing agreement clearly distinguish between payments that will be subject to withholding tax (e.g. royalties and interest) and those that are not (distribution, marketing, management or service fees). Are separate contracts preferred? and Where services are provided by related parties, how is the pricing determined and documented (so as to comply with transfer pricing rules)? CONCLUSION Sourcing contracts give rise to significant tax issues in many jurisdictions – in particular in the context of taxes imposed on services (such as VAT in the UK and GST in Australia). Both the service provider and the customer need to understand, from the outset, what the tax implications of the service provider’s services are likely to be and in which jurisdiction the relevant tax liability will fall. Direct tax issues also cannot be ignored. Transfer pricing principles apply when services are provided between associated entities, or between two branches of the same 48  |  Sourcing Reference Guide company, and this is likely to be an important issue where the service provider sub‑contracts part of the services intra‑group. It must ensure that an arm’s length price is paid for such services. Permanent establishment and withholding tax issues must also be addressed as must income tax. April 2014

49) SOURCING REFERENCE GUIDE 10. BENCHMARKING AND CONTINUOUS IMPROVEMENT Foreword IN A NUTSHELL Sourcing Structures One of the challenges in any long term outsourcing is to capture, within the sourcing agreement, the need for services to evolve so that they remain competitively priced, high quality and can justify the customer’s decision to source them in the first place. Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement In a nutshell What is benchmarking? Key issues for benchmarking The benchmarking process What is continuous improvement?  issues for continuous Key improvement Conclusion Compliance Data Protection TUPE and Employee Issues High level objectives may not be enough to achieve this and sourcing agreements usually contain a variety of mechanisms and requirements to formalise the aim. Benchmarking and Continuous Improvement provisions are two such mechanisms. Essentially: â– â–  â– â–  Benchmarking is about testing competitiveness (of the agreement price, performance and, sometimes, the type of services.) It involves an independent third party, the benchmarker; Continuous Performance is concerned solely with identifying and implementing service improvements. Each mechanism is explained within this chapter. However both should also be considered in the context of the other mechanisms within the sourcing agreement which, together, help to retain the initial commercial and technical reasons behind the outsource (see Figure 1). Figure 1 Contractual mechanisms to support a competitive outsource Transformation Activity â– â–  Secondary Sourcing: Contract Renewal, Insourcing and Retendering Service Levels/ Credits regime a new/upgraded operating platform â– â–  Exit Management a re-engineered process â– â–  Termination Triggers Subcontracting: Risk, Liabilities and Managing the Relationship Changing the way in which the services are to be provided through: a technology refresh plan â– â–  making existing service levels more onerous over time â– â–  introducing new service levels â– â–  Governance Intellectual Property Charges retaining the ability to vary the allocation of service credit accrual between service levels most favoured customer provisions â– â–  Dispute Resolution â– â–  price reductions over time â– â–  â– â–  Benchmarking open book accounting (more common in public than private sector agreements) gain/value sharing Testing competiveness â– â–  â– â–  49  |  Sourcing Reference Guide of type of service â– â–  Continuous Improvement of price of performance Identifying and implementing service improvements

50) SOURCING REFERENCE GUIDE other elements such as service specification or service levels might still be appropriate (but may be resisted as the outcome will probably increase underlying costs). WHAT IS BENCHMARKING? The benchmarking process involves a third party organisation comparing the sourcing in question against other similar sourced services and reporting as to the competitiveness of the sourcing under review. Most obviously the price (of providing similar services to similar locations etc) is benchmarked but other aspects of the overall offering can also be tested such as the services themselves. KEY ISSUES FOR BENCHMARKING â– â–  â– â–  To benchmark or not? Benchmarking is considered best practice by most customers but may not always be appropriate. See Figure 2, but factors to consider include: â– â–  â– â–  Time and Expense – A benchmarking exercise is time consuming and costly and there is also the time/cost of negotiating the contractual mechanism. Will the right be invoked? – Benchmarking is not often used in practice, although it can increase the bargaining position of a customer. Agreement Term and Timing – The longer the agreement term the more likely that it is appropriate to benchmark. It is worth noting also that renewals/break clauses offer up an opportunity for the customer to conduct a de facto benchmark. The Charging Model – For fixed price services, the potential to reduce charges through benchmarking may undermine the overall pricing model. Benchmarking Figure 2 Mechanisms for managing ongoing service competitiveness Issues Will the right to benchmark be used? To Benchmark or not? Most favoured customer Time and cost of negotiating benchmarking terms in contract Cost of using benchmarker Continuous Service improvement level monitoring Open book accounting Considerations Are the services suited to benchmarking? Bench marking Frequency of benchmarking Procedure for appointing benchmarker Governance Benchmarking terms Scope of review eg price, service levels, service specification Implementation obligations Scope of dispute procedure Input from parties on samples, comparables, factors to take into consideration 50  |  Sourcing Reference Guide

51) SOURCING REFERENCE GUIDE Certainty of Outcome From a customer’s point of view the benchmarking mechanism should include an obligation on the service provider to implement the benchmarker’s findings. However, a service provider can mitigate the risk of having to implement a, somewhat unknown, finding. For example, it should ensure that the process is fair (see below), seek longer timescales for implementation and, possibly, might negotiate the right to terminate the service rather than implement the benchmarker’s findings. THE BENCHMARKING PROCESS What methodology should be adopted? Benchmarking can be seen as a “hostile” act of the customer, used to achieve price reductions. Unsurprisingly this view is more likely where the benchmarker is retained to act for the customer; an approach which can lead to negotiations and even disputes (e.g. as to the reliability of the data or the basis on which comparisons have been made). However the process can be more acceptable to the service provider where the benchmarker is selected from an agreed pool of independent organisations and the service provider is allowed to comment upon the findings of an “interim benchmark report”. An alternative is to treat the benchmarker more as an independent expert and to involve it in the agreement negotiation process. This can extend the overall negotiation time for the sourcing agreement and the benchmarker may impose its own views (e.g. as to the number of benchmarks to be carried out). However, it does make for a less controversial benchmark exercise when the time comes. Certainly, the outsourcing agreement should contain obligations on both parties to co-operate with the benchmarker and to provide all necessary information and resources. Frequency of benchmarking Customers usually wish to retain the right to specify when a benchmarking exercise is to be conducted. A service provider will require sufficient prior notice and will look to limit the number of times a benchmarking exercise can be undertaken (and the period of time between each exercise). Benchmarking is rarely appropriate during a transition/ transformation period. After this it is typically available annually for commodity services and perhaps once every two to three years for more complex or bespoke services. That said, particular projects can justify a different approach. Approach to the comparison Any benchmarking comparison must be fair, comparing like with like. The benchmarker should have a database of information about deals. For standard services (e.g. desktop support) there should be sufficient data available for the comparison exercise. However more individual projects are less easy to benchmark. The sourcing agreement will include adjusting factors to be applied to ensure a fair comparison between projects. Examples of adjustment factors are set out in Figure 3. Example adjustment factors: General Scope, scale, complexity, specific nonstandard requirements, diversity and (required) location of services (onshore/offshore), length of agreement term Finance related Financial “engineering” (e.g. flattened charges), costs of capital, recovery of investments made by a service provider Risk related Extent of service provider’s responsibility and control, required service levels (i.e. difficulty of achieving service levels), volumes and volume variations, customer’s remedies such as service credits, liquidated damages, exposure to other damages and limitation of liability Account management Extent of obligation around CRM, coordination, integration, governance, reporting, billing and management information Outsource v in-house Reduced corporate overhead costs associated with novating third party agreements, finance accounting, administration, HR etc. 51  |  Sourcing Reference Guide

52) SOURCING REFERENCE GUIDE Having adjusted the price to reflect any relevant factors, the benchmarker will perform a statistical analysis. Assuming an open procedure is being adopted, the benchmarker will produce a preliminary report and invite comments from both sides before producing a final report. Partial benchmarking Customers often require the right to benchmark discrete elements of the service. However care needs to be taken to ensure that the element of the service under investigation is not being examined out of context. Cherry picking the cheapest prices, particularly for commodity services, will distort the fairness of a comparison. Representative sample It is advisable to agree at the outset of the exercise how many comparables constitute a representative sample to ensure that any statistical analysis is meaningful. The service provider will (understandably) want to narrow the scope of a valid comparable. However, if the scope is too specific there is a real risk that a representative sample will never be achieved. More seriously, both parties should appreciate the legal issues that may arise where, because of the lack of adequate aggregation of the data, sensitive information about other companies’ pricing can be deduced. This risk is heightened where the service provider is part of a consolidated market with few players. As a result, most parties will use one of the larger benchmarking organisations which: (a) has sufficient data to ensure a meaningful comparison is achieved; and (b) will be aware of the competition law sensitivities. Additionally, a service provider should impose obligations of confidentiality upon the benchmarker and ensure that any benchmarking reports, and other benchmarker communications, are confidential. Setting the benchmark The whole exercise is about competitiveness, but the customer needs to decide where it wishes to be positioned against the market. The cheapest deal may be a lossmaking transaction for the particular service provider and so sourcing agreements often require charges to 52  |  Sourcing Reference Guide fall within the top quartile (i.e. the lowest 25% of the range) for other similar agreements for similar services. If the customer insists on being in the top decile (i.e. the cheapest 10%) the risk of the analysis being distorted by “outlying” unreliable data is much greater and the service provider will look for additional protection. Implementing the benchmarker’s recommendations The benchmarker’s final report may conclude that the price and/or service specification or service levels are not in line with the market. The customer will want to ensure that price can only go down, not up. For the service provider, the issue will be the extent to which price reductions and/or service level improvements can be imposed on it. The service provider will, of course, add a risk premium if it considers that it is exposed to mandatory price reductions. The agreement should provide for a fixed point in time by which the benchmarker’s recommendations should be implemented. The service provider may want to negotiate a right to terminate rather than accept the obligations created by the benchmarker’s proposals in all circumstances. This “get out” for the service provider becomes more important where the process is adversarial. From the customer’s perspective a “get out” for the service provider is rarely a satisfactory outcome and it undermines the cost and effort of conducting a benchmarking exercise if it cannot be implemented afterwards. Benchmarking costs The customer will hope to share the costs of the benchmarking; the service provider will probably argue that, where the benchmarking exercise shows that the service provision is competitive, those costs are picked up by the customer. In practice, often the parties will agree to share the costs for a benchmarking at predefined intervals but any additional benchmarking exercises required by the customer to be at the customer’s cost. Realistically the customer will pay for the agreed shared benchmarking costs anyway, because the service provider will factor this in to its charges to the customer.

53) SOURCING REFERENCE GUIDE WHAT IS CONTINUOUS IMPROVEMENT? Continuous Improvement provides a process by which a service provider is obliged to identify, and to implement, identified improvements to the services. The continuous improvement clause within an outsourcing agreement will: â– â–  â– â–  â– â–  â– â–  identify the types of improvement which the customer is looking to achieve (e.g. improved service; reduced cost; technological innovation); put in place both immediate and long-term methods for identifying and monitoring the achievement of such improvements (e.g. by including various reporting obligations in the agreement management/governance schedule); address the consequences of implementing such improvements on other aspects of the agreement (e.g. the service provider’s pricing model; the service levels); and align the continuous improvement provisions with other improvement mechanisms (e.g. benchmarking provisions and technology refresh plans). KEY ISSUES FOR CONTINUOUS IMPROVEMENT Improvement as a whole The customer’s aspirations must be realistic and take into consideration the overall effect of other relevant mechanisms on the service provider’s cost base and pricing model (see Figure 1). The agreement must be clear as to which provisions apply to an improvement. For example, if the standard of certain service levels is to be increased, will this be under the normal change control mechanism (which involves a negotiation) or under continuous improvement provisions (which may dictate the effect the service level increase has upon charges). 53  |  Sourcing Reference Guide Agreement process Whilst each party is usually allowed to suggest improvements, a service provider will usually insist on a joint forum for agreeing such improvements and insist that all agreed improvements should be incorporated in the agreement only through a change control mechanism. This is equally important for both parties as it makes it clear how the services are being changed, the effect of those changes on service levels and other relevant areas of the agreement and, finally, which improvements incur additional charges and which do not. Costs and savings It is important that some of the savings made from the continuous improvement exercise are passed on to the customer. A customer may insist that where implementation of continuous improvement actually results in the reduction of the service provider’s costs in providing the services, the resulting savings made by the service provider are all passed on to the customer (or at least shared between customer and its service provider) through an immediate reduction in the charges. Conversely, where the implementation of continuous improvement would result in an increase of the service provider’s cost it would be unrealistic for the customer to expect such implementation to be free of charge. In such circumstances, the customer should expect at least to contribute towards the service provider’s costs, otherwise there is a risk (particularly in a long-term agreement) that, over time, the cost of supplying the services may either exceed the price which the customer is paying or reduce the service provider’s profit margins substantially. Realistically, this situation means that the service provider ceases to be incentivised to deliver a quality service – defeating the object of the exercise and risking a deterioration of the relationship between the parties. Typically, a service provider will always wish to reserve its right to revisit its pricing model and the charges payable for the services if improvements to the services have an adverse impact on its cost base/margin. Also typically (but in diametric opposition to the service provider’s objective), the customer will wish to ensure as

54) SOURCING REFERENCE GUIDE little upward movement in the agreed price as possible and a reduction in price if continuous improvement reduces the service provider’s cost base. These competing demands mean that, in practice, continuous improvement regimes can become largely aspirational where (a) there is too much risk for the service provider to suggest improvements which could undermine its margin and (b) the service provider’s enthusiasm for delivering an improvement in the quality of service is diminished by the lack of (monetary) incentive. Further considerations Other issues to consider are whether the source of generation of the idea for improvement should be reflected in the sharing of gains. Customers are inclined to take a dim view of sharing substantial parts of the savings achieved as a result of the customer’s suggested innovation. Customers are also frequently interested in considering what remedies, if any, should be available to the customer where the service provider never or rarely comes up with any ideas for improvement. What methodology should be used? The type of method used depends on the level of sophistication of the customer and the respective bargaining positions of the parties. A service provider will often seek to have soft targets and broad principles in the agreement without necessarily pinning anything down. Conversely, a customer will prefer to have as many defined targets as possible upfront (e.g. percentage savings), with predetermined processes for identifying future cost savings, managing proposed ideas and sharing cost reductions/gains. Additional considerations for the customer, particularly where an improvement is generated by the customer, are whether to allow the service provider to pass on the 54  |  Sourcing Reference Guide resulting benefit to the service provider’s other customers at all or after an agreed period of exclusivity. Often, a customer’s decision will depend on whether it believes the relevant improvement will give it a competitive edge. Where a cost saving idea is generated by the service provider, it would usually consider it as part of its methodology and would wish to be free to use it in its dealings with other customers to help it maintain its competitive edge in the marketplace. Implementation Even where a successful continuous improvement regime is established by the parties in the agreement, effective implementation of that regime is often a real challenge. Sufficient internal resources have to be given by both parties to manage any proposed ideas by either party in order to ensure that improvements are properly tracked and followed through the agreed process. Without this commitment there may never be a transition from ideas to concrete improvements, demotivating the service provider and frustrating the customer. CONCLUSION There are many issues to consider in drafting effective benchmarking and continuous improvement obligations both on a micro level (clause by clause) and on a macro level (what are the clauses trying to achieve, what other mechanisms in the agreement will achieve the same?). These are uncomfortable provisions for a service provider, who will typically seek to keep them broad unless it is allowed to share in the benefits. If this is not the case then it is often down to the customer to push for these mechanisms to be included in an enforceable and realistic way. April 2014

55) SOURCING REFERENCE GUIDE 11. Compliance Foreword IN A NUTSHELL Sourcing Structures When negotiating sourcing arrangements the parties will, understandably, focus upon what services are being delivered, to what standard and for what price. However, the proposal may also need to take into account regulatory requirements. The obligation to fulfil regulatory requirements tends to fall upon the customer rather than its service provider. Therefore, as part of its preparation, the customer should consider: (a) whether or not its regulator must be notified of the proposal to source in house services from a third party; and (b) whether or not any particular contractual protections within the sourcing agreement are considered to be mandatory, or best practice, by its regulator. Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance In a nutshell UK financial services regulation Insurers  Pre-contract due diligence and contract terms Supervision Sarbanes-Oxley Act (“SOX”) Other Compliance Issues Local perspective: Middle East Conclusion Data Protection TUPE and Employee Issues Termination Triggers UK financial services regulation Two regulators The principal source of financial services regulation in the UK is the Financial Services and Markets Act 2000 (“FSMA”) as amended by the Financial Services Act 2012 (“FS Act”). The FS Act came into force on 1 April 2013 and introduced a number of changes to the UK framework for financial services regulation. It abolished the single regulator, the Financial Services Authority (“FSA”), and replaced it with a new “twin peaks” model separating out prudential and conduct regulation, with the responsibility for each divided up between two new regulators, the Prudential Regulation Authority (“PRA”) and the Financial Conduct Authority (“FCA”) respectively. Various pieces of associated secondary legislation have also been made although there has been no direct impact on the rules in relation to outsourcing/sourcing arrangements. Note: The rest of this chapter refers to “Outsourcing” which is consistent with the terminology used by the regulators. Secondary Sourcing: Contract Renewal, Insourcing and Retendering The rules in relation to outsourcing continue to affect all authorised firms (Firms) under the FSMA be they deposit takers (banks, building societies and credit unions), insurers and some large investment firms all of which will now be dual regulated by the PRA and FCA, or smaller firms which fall outside the remit of the PRA and will only be regulated by the FCA as a result. The rules also continue to apply to those authorised firms that outsource their operations offshore. Governance Broad definition of Outsourcing Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Intellectual Property Dispute Resolution As a result of these changes, there are now two separate Handbooks (copies of which can be found on the websites of each regulator, for the PRA at: http:// fshandbook.info/FS/html/PRA and for the FCA at: http://fshandbook.info/FS/ html/FCA). That said, the majority of the existing provisions contained in the FSA Handbook remain in place and the definition of outsourcing remains in both Handbooks as: “the use of a person to provide customised services to a firm other than: 1. a member of the firm’s governing body acting in his capacity as such; or 2. an individual employed by a firm under a contract of service”. 55  |  Sourcing Reference Guide

56) SOURCING REFERENCE GUIDE Importantly, this is a broad definition which can include intra-group, regulated entity to regulated entity and regulated entity to third party outsourcing. Both the FCA and the PRA have also adopted the definition set out in article 2(6) of the Level 2 Implementing Directive of those activities which constitute an outsourcing for the purposes of the Markets in Financial Instruments Directive (“MiFID”). This states that outsourcing means: “an arrangement of any form between a firm and a service provider by which that service provider performs a process, a service or an activity which would otherwise be undertaken by the firm itself ”. Both the FCA and PRA Handbooks define “material outsourcing” as: “outsourcing services of such importance that weakness, or failure, of the services would cast serious doubt upon the firm’s continuing satisfaction of the Threshold Conditions or compliance with the Principles [for Businesses].” Approach to outsourcing In general terms, both regulators take an approach to outsourcing which derives (in part) from Principle 3 of the Principles for Business which continues to apply to both PRA and FCA regulated firms1. Principle 3 states that: “a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems”. â– â–  â– â–  â– â–  1 “A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice” To comply with Principle 11, Firms are required to give the appropriate regulator prior notice of a proposal to enter into a material outsourcing arrangement (SUP 15.3.8(e)R). To comply with Principle 11, a Firm should comply with SUP 2.3.3G. This is set out in further detail below under “Supervision”. Both dual regulated Firms and FCA regulated Firms should consider the FCA and PRA Threshold Conditions as applicable. In particular, Threshold Condition 5 (Suitability), which requires Firms to ensure that they conduct their affairs soundly and prudently. A firm’s outsourcing arrangements must meet these requirements. Systems and controls Following Principle 3 of the Principles for Businesses, a Firm should take reasonable care to supervise the provision of outsourced functions by its service provider. The Senior Management Arrangements, Systems and Controls sourcebook (SYSC) contained within both Handbooks provides more guidance on (amongst other things) systems and controls, and outsourcing in the financial services sector within SYSC 3 and SYSC 8. Firms are required to take reasonable care to supervise the provision of outsourced functions by service providers. Under SYSC 3, a Firm must take reasonable care to establish and maintain such systems as are appropriate to its business (SYSC 3.1.1R) and a firm cannot contract out of its regulatory obligations (SYSC 3.2.4(1)G). A Firm should also take steps to obtain sufficient information from its service provider to enable it to assess the impact of outsourcing on its systems and controls (SYSC 3.2.4(2)G). Firms should take steps to obtain sufficient information from their service providers to enable them to access the impact of outsourcing on its systems and controls. Chapter 8 of SYSC implements the relevant provisions of the Capital Requirements Directive (“CRD”) and MiFID. It sets out In practice this means that: â– â–  Principle 11 of the FCA and PRA Principles for Businesses states that: Firms cannot outsource their regulatory obligations. Firms must give the appropriate regulator effective access to data related to the outsourced activities as well as to the service provider’s business premises; Principles 5, 6 and 7 are no longer applied by the PRA as they are associated with conduct of business matters. 56  |  Sourcing Reference Guide

57) SOURCING REFERENCE GUIDE outsourcing rules for “common platform firms” which essentially consist of the following types of dual regulated and FCA regulated firms: â– â–  â– â–  â– â–  BIPRU firms: broadly, UK authorised banks, building societies, MiFID firms. certain other firms including UCITS managers carrying on MiFID business. The SYSC 8 rules apply to activities conducted from a UK establishment or an EU branch of a UK Firm, but not to incoming EEA firms. (An incoming EEA firm is a firm which is exercising, or has exercised, its right to carry on a regulated activity in the UK in accordance with its EEA Passport Rights). The rules vary depending on the nature of the outsourcing. A number of detailed requirements apply to outsourcing of critical or important operational functions. Requirements relating to the outsourcing of critical and important functions or any “relevant services or activities” apply as rules. For any functions being outsourced, noninsurance firms (whether common platform or not) are required to take account of it. An operational function is regarded as critical or important if a defect or failure in performance of the outsourced activity materially impairs the continuing compliance of the Firm with: â– â–  â– â–  â– â–  â– â–  exempt CAD firms: broadly, investment firms that only advise, receive and transmit orders and do not hold client money. Other Firms, which are not common platform firms, are to take account of SYSC 8 as if it were guidance (SYSC 8.1.1A and 8.1.5A). â– â–  When a “common platform firm” outsources its operational functions to a third party, it must: the conditions and obligations of its authorisation or its other obligations under the regulatory system; its financial performance; or the soundness or continuity of its relevant services and activities2. SYSC 8.1.4 SYSC 8.1.1 4 SYSC 8.1.6 5 SYSC 8.1.7 6 SYSC 8.1.8 2 4 57  |  Sourcing Reference Guide take reasonable steps to avoid undue additional operational risk. not impair the quality of its internal control or the ability of the appropriate regulator to monitor the firm’s compliance with all obligations under the regulatory system and, if different, of a competent authority to monitor the firm’s compliance with all obligations under MiFID3. When outsourcing functions that are non-critical or important, Firms should “take into account’ the rules in a manner proportionate given the nature, scale and complexity of the outsourcing. For “critical or important” operational functions or the outsourcing of “relevant services and activities”, in relation to any firm: â– â–  â– â–  â– â–  â– â–  outsourcing must not result in delegation by senior personnel of their responsibility. the relationship and obligations of the firm towards its clients under the regulatory system must not be altered. the conditions with which the firm must comply in order to be authorised, and to remain so, must not be undermined. none of the other conditions subject to which the firm’s authorisation was granted must be removed or modified4. A common platform firm must exercise due skill, care and diligence when entering into, managing or terminating any arrangement for outsourcing of critical or important operational functions or of any relevant services and activities5. A firm is also under an obligation to notify the appropriate regulator when it intends to rely on a third party for the performance of operational functions.

58) SOURCING REFERENCE GUIDE Documentation and due diligence â– â–  Documentation/due diligence considerations for a customer to consider may include the following service provider obligations6: â– â–  â– â–  â– â–  â– â–  â– â–  It should have the ability, capacity and authorisation to perform the functions reliably and professionally. It should protect any confidential information relating to the firm and its clients. It should establish, implement and maintain a contingency plan for disaster recovery and periodic testing of backup facilities where necessary. Disclosure obligations â– â–  â– â–  â– â–  The service provider should disclose to the Firm any development that may have a material impact on its ability to carry out the outsourced functions effectively and in compliance with applicable laws and regulatory requirements. The service provider should co-operate with the appropriate regulator and other relevant competent authority. The Firm, its auditors, the appropriate regulator and any other relevant competent authority should have effective access to data related to the outsourced activities and to the service provider’s business premises and the appropriate regulator and any other relevant competent authority must be able to exercise those rights of access. Oversight requirements â– â–  7 Intervention powers to be reserved by the customer â– â–  It should carry out the outsourced services effectively. It should properly supervise the carrying out of the outsourced functions and adequately manage the risks associated with the outsourcing. The firm should establish methods for assessing the standard of performance of the service provider. SYSC 13.9 58  |  Sourcing Reference Guide The firm should retain the necessary expertise to supervise the outsourced functions effectively and to manage the risks associated with the outsourcing and must actually do so. â– â–  Appropriate action might need to be taken if it appears that the service provider may not be carrying out the functions effectively and in accordance with applicable laws and regulations. The service provider should be able to terminate the arrangements for the outsourcing where necessary without detriment to the continuity and quality of its provision of services to clients. Insurers SYSC 13 covers systems and controls for establishing and managing systems and controls concerning insurers, in relation to the management of operational risk. As operational risks may vary from Firm to Firm, depending upon factors such as the nature of the Firm’s customers, the risk culture and human resources at the Firm, and the business operating environment, insurers should assess the appropriateness of the guidance in SYSC 13 in light of the scale, nature and complexity of their own activities as well as their obligations under Principle 3 to organise and control their affairs responsibly and effectively. Firms should continually consider the operational risks that could apply to them, and reassess their practices accordingly when outsourcing. Firms should pre-notify the appropriate regulator of any material outsourcing proposal7 (in a reasonable time to allow the appropriate regulator to consider the potential impact of the proposal) or if it significantly changes a material outsourcing arrangement. Both the PRA and the FCA have the power to ask for additional information relating to outsourcing agreements and can, in appropriate circumstances, veto a proposed arrangement. Similarly, the appropriate regulator should also be notified of any material problems occurring with such outsourcing agreements.

59) SOURCING REFERENCE GUIDE Pre-Contractual Due Diligence Recommended Contract Terms A firm should, before entering or significantly changing an outsourcing agreement: A firm should include in an outsourcing agreement: â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile and ability to meet its regulatory obligations; â– â–  consider whether agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing; conduct appropriate due diligence of the service provider’s financial stability and expertise; consider how it will ensure a smooth transition of its operations from its current arrangements to a new or changed outsourcing arrangement (including what will happen on the termination of the contract); and â– â–  â– â–  â– â–  â– â–  consider any concentration risk implications such as business continuity implications if a single service provider is used by several firms. â– â–  reporting or notification requirements in respect of the service provider; sufficient access for internal/external auditors, actuaries and the appropriate regulator; information ownership rights and confidentiality agreements; adequacy of guarantees and indemnities; the extent to which the service provider must comply with the firm’s policies and procedures (e.g. information security); business continuity; the need for continued availability of software following difficulty with a third party software supplier; â– â–  change control; â– â–  termination and exit provisions; â– â–  a relationship management framework; and â– â–  Pre-contract due diligence and contract terms The guidance table below only formally applies to insurers under SYSC 13. However, these are all areas that are widely viewed as standard market practice to consider in an outsourcing arrangement, whether for smaller, less material outsourcing deals or larger outsourcing arrangements. Supervision Sitting alongside SYSC and the basic principles, is “SUP” in both the FCA and PRA Handbooks. This details, amongst other things, guidance regarding the co-operation expected of firms under Principle 11, how the FCA and PRA can 59  |  Sourcing Reference Guide service level provisions (including escalation processes). gather information and how Firms should co-operate with each regulator in complying with Principle 11. This is, of course, relevant to Firms in their outsourcing arrangements. Firms must: â– â–  â– â–  permit representatives of the appropriate regulator to have access, with or without notice, during reasonable business hours to any of its business premises in relation to the discharge of the appropriate regulator’s functions under FSMA; take reasonable steps (including by way of contract terms) to ensure that each of its service providers under material outsourcing arrangements deals in an open and co-operative way with the appropriate regulator in the discharge of its functions under the FSMA in relation to the Firm;

60) SOURCING REFERENCE GUIDE â– â–  â– â–  ensure that the co-operation obtained from its service providers is similar to that expected (by the appropriate regulator) of the Firm itself; and ensure that the appropriate regulator has the right to seek from a service provider under a material outsourcing arrangement any information it would normally seek from the Firm in the first instance. Overall, both regulators expect a high level of co-operation and any Firm considering a material outsourcing proposal should ensure that these extensive, and often intrusive, access rights are set out and clearly understood in the outsourcing agreement. On the face of it, SOX is a principally an accounting issue. However, compliance with SOX has significant implications for an organisation’s processes and IT systems as well as any outsourcing arrangements affecting those activities. Three areas are of particular relevance to those involved in IT audit and control (and by implication to the outsourcing of the relevant IT functions): Section 302 The rules adopted by the SEC pursuant to Section 302 of SOX, require the CEO and CFO of each public company to certify that the financial statements filed with the SEC fairly present, in all material respects, the operations and financial condition of the issuer, as to the adequacy of the issuers “disclosure controls and procedures” and “internal controls” and as to certain other matters. Compliance with the SEC rules requires strong authentication controls such as encryption and user level logging of access and data amendment. Section 404 The rules adopted by the SEC pursuant to Section 404 of SOX covers attestation of the adequacy of the company’s internal controls over financial reporting and a separate report by the company’s accounting firm regarding the effectiveness of the company’s internal controls over financial reporting. As a result of these rules, organisations must not only introduce adequate systems in the first place but must also assess the adequacy of those systems on an annual basis. Section 409 The rules adopted by the SEC pursuant to Section 409 of SOX call for real-time reporting. It requires processes to be implemented to guard against denial of service, together with recording and mirroring of data. The SEC has amended its rules and form requirements to accelerate the filing of quarterly and annual reports by certain public companies. There is an overriding requirement on Firms to consider the FCA and PRA guidance on access rights in compliance with Principle 11. In addition, Firms should consider SUP 2.3 when carrying out material outsourcing arrangements. Firms must also take note of the FCA and PRA’s access rights as set out under SYSC 8.1.8R (which as described above, applies as rules to the outsourcing of critical and important functions by common platform firms) Sarbanes-Oxley Act (“SOX”) SOX amended certain provisions of the primary federal securities laws in the US and requires all public companies doing business in the US to, among other matters, disclose certain financial information publicly in a standard and transparent manner. Its relevance is not limited to the US; it does not differentiate between US companies and non-US companies to which the US-investing public is likely to have an exposure. This means that SOX catches: â– â–  â– â–  â– â–  non US companies with securities publicly traded in the US on national securities exchanges such as the New York Stock Exchange or the NASDAQ Stock Market; companies required to file reports with the SEC, particularly for subsidiaries of US corporations; and non-US subsidiaries of US parent companies where the parent is required to produce consolidated accounts for the group as a whole. While SOX applies to public companies, there are three important exceptions that apply to private and non-profit entities, in addition to public companies. 60  |  Sourcing Reference Guide

61) SOURCING REFERENCE GUIDE Other Compliance Issues Conclusion The financial regulatory compliance requirements form only part of the wider compliance issues that are likely to come into play with any outsourcing (although these requirements are likely to change somewhat if the outsourcing involves an offshore element). Anyone outsourcing will need to make sure therefore that they have identified and addressed the impact of the deal on compliance with relevant legislation such as the Data Protection legislation (and related secondary legislation and guidance notes/codes of conduct), the UK’s Freedom of Information Act 2000, Health and Safety at Work Acts and its Companies Act 1985 (as amended, and related corporate governance rules/guidance), relevant IT standards and other broader corporate governance requirements. Outsourcings involve a range of potential compliance issues. For any particular outsource the customer should ensure that it assesses the impact and risks of the project (notifying the appropriate regulator(s) where necessary), conduct necessary due diligence on the service provider, include relevant provisions in the outsourcing agreement, review the relevant regulatory schemes, establish appropriate management control of the service provider and the contract and continue to monitor and manage the relationship right through from transition to exit. Local perspective: Middle East Comprehensive regulation concerning sourcing activities by financial services organisations is not commonplace in the Middle East. While the Central Bank of Bahrain has issued rules which are not dissimilar to those set out in this Sourcing Reference Guide, typically sourcing regulation in the Middle East is not comparable to that which is found in the UK or other more highly-regulated jurisdictions around the world. Any financial services entity in the Middle East looking to outsource should consider consulting with their regulator to ensure that the proposed initiative is consistent with local practices. 61  |  Sourcing Reference Guide Service providers should be aware of their customer’s regulatory obligations and appreciate that these are usually non-negotiable requirements for their customers. Instead service providers should put in place structures and processes which allow them to accept these customer (and regulatory) requirements as part of the overall service offering. May 2014

62) SOURCING REFERENCE GUIDE 12. data protection  Foreword IN A NUTSHELL Sourcing Structures By virtue of its obligations under the UK Data Protection Act 1998 (“DPA”), a customer who has outsourced part of its business to a service provider will remain legally responsible for what happens to the customer data once it is in the possession of the service provider, regardless of its location. Theft, corruption, loss, unauthorised access or usage, and other misuse of customer data can result in legal action and reputational damage. Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Compliance Addressing data protection issues before entering into a sourcing arrangement and adopting the right strategy for dealing with the type of transfer taking place are therefore key components of a successful sourcing. Additionally, it is important to recognise and distinguish between the key issues that relate to any outsourced processing activity and those issues that apply when the service is offshored, especially where data is being transferred across different jurisdictions and to multiple entities. Data Protection Figure 1 Service Credits Charging Models Tax Benchmarking and Continuous Improvement In a nutshell Process Key issues  Managing data protection throughout the life of the contract Sector/service specifics Local perspective: US Local perspective: Australia Local perspective: Belgium Conclusion TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution 62  |  Sourcing Reference Guide Glossary of Terms Data Controller: is the party responsible for determining the purposes for which and the manner in which personal data are to be processed. It is the data controller who is responsible for compliance with the DPA. Customers of service providers generally remain data controllers. Data Processor: is any party that processes personal data on behalf of the data controller. Service providers of outsourced services are generally considered data processors since they tend not to have discretion to determine the manner and purposes for which the data is used. Data Subject: is the person about whom the personal data relates. Personal Data: means any data that, either alone or when combined with other data, can lead to the identification of an individual. A person’s name is an obvious example, but other examples include a bank account number, address, registration number, National Insurance Number, email address, job title, location and IP address, all of which can also constitute personal data. Processing: virtually any act carried out in relation to personal data will constitute processing for the purposes of the DPA, including obtaining, recording, downloading, altering, combining, transmitting, deleting, disclosing, altering and storing the data. Sensitive Personal Data: is any personal data relating to a person’s race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life or involvement in criminal proceedings.

63) SOURCING REFERENCE GUIDE process The DPA essentially implements the requirement set out in EU Directive 95/46/EC for data controllers to take “appropriate technical and organisational measures” to prevent the unauthorised use or disclosure of personal data. It creates a legal regime in which the party identified as the data controller is responsible for compliance with the DPA. Even if the data controller has contracted with another party to undertake all the processing of its personal data, as long as it determines the manner and purposes of the processing, it will remain the data controller and accountable under the DPA. Thus if the service provider (i.e. the data processor) in turn sub-contracts its processing obligations, it will be important to ensure that all the data protection obligations flow down to the sub-contractor. (Sub-Contracts are discussed at Chapter 16.) When considering sourcing IT services, the following steps should be taken: 1) Assess the status of the parties handling the data and allocate responsibilities accordingly Most sourcing arrangements involving transfers of personal data constitute a data controller (usually the customer) to data processor (usually the service provider) relationship. Occasionally, an arrangement will result in a data controller to data controller relationship. This will occur if the service provider is able to determine the purposes for which personal data is processed and has significant discretion as to how the processing is undertaken. A controller – controller relationship is easier to manage when the arrangement is between two parties subject to the same law. The situation becomes more complicated if the data controllers are located in different jurisdictions and also where the beneficiaries of the sourced services include multiple entities within the same corporate group. 2) Assess type of data and appropriate level of security required to protect it Data controllers are required to ensure a level of security for personal data that is appropriate both to the harm that might result from the unauthorised use or disclosure of the data and to the nature of the personal data to be protected. For example: â– â–  If the data controller is processing sensitive personal data, such as health records, the security measures that it has in place will generally require greater sophistication than if only processing personal data (e.g. names and email addresses). 63  |  Sourcing Reference Guide â– â–  Financial information such as bank account numbers and credit cards details, although not categorised as “sensitive personal data” under the DPA, has the potential to result in much harm if wrongfully disclosed, and therefore data controllers are advised to implement the highest level of security in relation to this data. The DPA is silent regarding the specific security measures that a data controller should have in place to be compliant, however, the Information Commissioner (the enforcer of the DPA in the UK) has recommended certification with or adherence to ISO 27001/2 (as amended). 3) Consider means of providing adequate security of data Where processing is carried out by a data processor on behalf of a data controller the data controller must: â– â–  â– â–  â– â–  choose a data processor that can provide sufficient guarantees in respect of the required security measures; take reasonable steps to ensure that the data processor complies with those measures; and ensure that the processing is carried out according to the terms of a written agreement that stipulates that the data processor may only act on instructions from the data controller and that this requires the data processor to comply with obligations equivalent to those imposed on the data controller by the seventh data protection principle (see Figure 2). 4) Conduct due diligence on data processor to ensure adequate level of protection and security The obligation to choose a suitable data processor with reliable staff indicates the need to carry out some due diligence of the service provider prior to transferring any data or entering into any formal agreement. This will be true regardless of where the service provider is located. 5) Consider if need undertakings from third parties Although not specifically set out in the DPA it will be important to ensure, as part of achieving the required security, that the data controller takes reasonable steps to ensure that any employees responsible for processing personal data are reliable and that the data processor will do the same. This would include

64) SOURCING REFERENCE GUIDE the need to obtain confidentiality undertakings from employees/third parties as appropriate to their role in data handling. 6) Enter into a formal agreement It is important to note that the DPA does not impose legal or statutory obligations directly upon data processors. Therefore data controllers (the customer) must have in place robust contractual provisions within the agreement to restrict and control the usage and storage of personal data being processed on its behalf. Most of the requirements set out above can be stipulated as contractual obligations imposed on the data processor. key issues The Eight Data Protection Principles The DPA, contains eight principles with which all data controllers are required to comply when processing personal data (see Figure 2 “The Eight Principles”). Figure 2: The Eight Principles: 1. All processing must be fair and lawful; 2. Personal data should only be collected for lawful purposes that have been communicated to the data subject; 3. Personal data that is collected should be adequate, relevant and not excessive to the purposes for which it was collected; 4. Personal data should be accurate and where necessary, kept up-to-date; 5. Personal data should not be kept for longer than necessary to meet the purposes for which it was collected; 6. The processing of personal data should be done in accordance with the rights granted to data subjects by the DPA; 7. Appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data, and against any accidental loss or destruction of, or damage to personal data; and 8. Personal data is not to be transferred to a country outside the European Economic Area unless the receiving jurisdiction ensures an adequate level of protection for the rights and freedoms of data subjects, together the “Data Protection Principles”. Ensuring adequate protection when off-shoring personal data Application of the eighth data protection principle is relevant where services are being offshored, either directly by the data controller or by the service provider to a sub-contractor. The DPA prohibits the transfer of personal data (and sensitive personal data) to a country outside the EEA unless that jurisdiction can offer an “adequate level of protection” for the personal data (see Data Protection Principles at Figure 2). An adequate level of protection will consist of either a statutory, contractual or self-regulatory regime that imposes obligations on the data exporter and data importer comparable to those imposed by the EU Directive. Additionally, if a data controller plans to transfer personal data outside the EEA from more than one country within the EEA then the requirements of each national data protection law may have to be satisfied depending upon whether the laws of that EEA jurisdiction applies to such transfer. The European Commission, responsible for Europe-wide implementation and interpretation of the EU Directive, recognises a number of means of achieving “adequate 64  |  Sourcing Reference Guide protection”, and it is advisable for data controllers to, as a minimum, adopt one of the contractual mechanisms for achieving adequacy as set out below: a)  Countries deemed “Adequate” or “White List” countries: the European Commission can, after much scrutiny and deliberation, issue a decision that deems another country to have a data protection regime in place that offers a level of protection for personal data equivalent or superior to that created by the EU Directive. Once a jurisdiction is deemed adequate, transfers of personal data can be made to the country without further measures being adopted by the parties. So far, only a handful of countries and jurisdictions have been designated by the Commission: Andorra, Argentina, Australia, Canada, Faeroe Islands, Guernsey, Jersey, Israel, Isle of Man, New Zealand, Switzerland, the U.S. for transfers of Passenger Name Record (“PNR”) Data, the U.S. Safe Harbor Certification Programme and Uruguay.

65) SOURCING REFERENCE GUIDE b) European Commission Model Clauses: The European Commission has, to date, approved two sets of data controller to data controller clauses and one set of data controller to data processor clauses. In order to benefit from the ability to use the clauses for transfer of personal data from within the EEA to a controller or processor established outside of the EEA, the clauses cannot be substantially modified. Transfers of personal data that are governed by the model clauses are deemed to be compliant with the EU Directive’s (and the DPA’s) restrictions on international transfer of data. c) Data Controller’s Self-Assessment of Adequacy: The Information Commissioner allows for data controllers to make their own assessments of adequacy and guidance has been published to facilitate this process (see www.ico.gov.uk). The process is time consuming, a paper trail of the audit must be kept and it is not commonly adopted due to the risk and onus being placed upon the controller to ensure that its assessment meets the relevant standards. The audit will be necessary when a data controller is transferring personal data to another data controller (as opposed to a processor) and the parties do not intend to use the model clauses or any other form of agreement. We would recommend, however, that any transfers of personal data are governed by an agreement. d) Derogations from the Eighth Principle: Schedule 4 of the DPA contains exemptions to the requirements of the eighth principle, most notably when consent to the transfer has been obtained from data subjects. However, obtaining specific and appropriate consent will not always be possible or realistic and consent should be relied upon with caution as it can be withdrawn. Other exemptions apply when the transfer is necessary for the performance of a contract between the data controller and the data subject. Guidance published by the European Data Protection Working Party (known as the Article 29 Working Party) emphasises that application of the exemptions must be strict and the “necessity” requirement will be difficult to satisfy. 65  |  Sourcing Reference Guide e) Binding Corporate Rules: The use of Binding Corporate Rules to achieve adequacy is only available to multinational organisations transferring personal data between jurisdictions amongst themselves (and does not address transfer outside of the corporate group). It requires the multinational to agree a set of data protection compliance rules which will then need to be approved by each jurisdiction’s respective data protection authority. One of the significant benefits of this regime is the ability to choose one data protection authority as a point of contact to liaise with the other data protection authorities. This “point of entry” will need to be considered carefully and appropriately justified before being designated. However, this will not be a method to achieve compliance with international data transfer restrictions between a controller and a service provider, as it only legitimises “intra-group” transfers of personal data, not transfers to a third party provider. f) Processor Binding Corporate Rules: In addition to binding corporate rules to deal with the internal processing of personal data, binding corporate rules for data processors/service providers is also possible. These rules allow for data being sub-processed by other members of the service provider’s corporate group in any other jurisdiction, provided that the organisation has an approved set of binding corporate rules applicable to its processing of customer personal data. managing data protection throughout the life of the contract The customer as the data controller will need to ensure that all the Data Protection Principles are respected by its service provider. sector/service specifics In addition to the above, it is important to remember that compliance with the DPA is not the end of the story. Where organisations are regulated by other bodies (e.g. financial services sector), additional regulations, sanctions and obligations such as mandatory breach notification requirements might impact upon the obligations set out in the agreement and the level of data security due diligence needed before an agreement is finalised.

66) SOURCING REFERENCE GUIDE Local perspective: US In addition, some countries have laws that stipulate specific IT security requirements of which data controllers should be aware. In the U.S., for example, forty-six states, plus several U.S. territories, have passed data breach notification laws. These statutes require companies to notify customers if there is reason to believe that certain customer data (typically, name in combination with Social Security number, drivers’ licence or government identifier, passport number, or credit card or financial account number; in some cases also health insurance number, health data, and biometric data, and date of birth in combination with name) has been accessed or acquired by an unauthorised person. At least California and Puerto Rico require notice to individuals when the breach involves username and password for an online account. These breach notice obligations go beyond the requirements of the EU Directive. In addition, the United States has about twenty sector specific or medium specific national privacy or data security laws, and hundreds of such laws among its fifty states. (California alone has more than twenty-five state privacy and data security laws). These laws typically address particular types of data or industries. They are too diverse to summarize fully in this volume, though we summarize some of the key highlights of these laws, in particular where requirements may go beyond those found in EU legislation and implicate a range of outsourcing arrangements. There are several industry-specific laws and regulations at the national level in the U.S. that impose specific privacy and security obligations on companies operating in regulated industries, such as the financial, healthcare and telecom industries. For example, the Health Insurance Portability and Accountability Act (“HIPAA”), and its amending laws and implementing regulations, impose detailed and specific security requirements and privacy restriction. HIPAA applies to “covered entities” – which include, doctors, hospitals, pharmacies, insurers and other entities that provide health care services to individuals – as well as their “business associates” – which are essentially any vendor or service provider of the covered entity that may or could have access to personally identifiable information gathered in the context of the health care services provided by the covered entity. HIPAA also places restrictions on the permissible uses and disclosures of personally identifiable health information, imposes specific breach notice and reporting requirements, and sets forth specific standards for de-identification of covered information. As noted, HIPAA applies to business associates and service providers of covered entities (i.e., healthcare providers and insurers), not just the providers themselves; business associates and service providers would typically include, e.g., data hosting and cloud service providers who store covered information on behalf of a covered entity, or IT companies that perform database administration services for covered entities. In addition, as noted, several U.S. states have passed laws mandating specific security standards for those companies that maintain certain personal information (typically, name in combination with Social Security number, drivers’ license or government identifier, passport number, or credit card or financial account number). Massachusetts, for example, has passed the most granular of these state security laws, which sets forth the minimum component of an information security program. Nevada law mandates encryption of certain personal information (as described above), and also requires companies that accept credit card payments comply with the Payment Card Industry Data Security Standard. Local perspective: Australia In Australia, since 12 March 2014 all APP Entities have been required to comply with the 13 Privacy Principles contained within the Privacy Act 1988 (Cth) (“the Act”). (An Australian Privacy Principle Entity, or “APP Entity”, is essentially any government or private organisation other than those whose turnover falls beneath the AU$3 000 000 threshold.) An APP Entity which collects, uses or discloses Personal Information must under the Act, take reasonable steps to protect that information from misuse, interference, loss, unauthorised access, modification and disclosure. In contrast to the position in the UK, if an APP Entity discloses or outsources the handling of Personal Information to another APP Entity (ie a Service Provider in Australia) there is no specific requirement for the disclosing APP Entity to ensure that the Service Provider complies with Australian privacy law. This is because the Service Provider is 66  |  Sourcing Reference Guide

67) SOURCING REFERENCE GUIDE already subject to Australian privacy law. However, the disclosing APP Entity’s obligations to protect the information will extend to carrying out some due diligence to ensure that it selects a Service Provider (even one in Australia) which has compliant privacy practices and processes. Additionally, as part of the APP Entity’s obligation to protect Personal Information, it is nevertheless best practice to have in place robust contractual provisions to restrict and control the usage and storage of Personal Information being processed on its behalf (often requiring the Australian Service Provider to comply with the APP Entity’s privacy policy and directions). If an APP Entity discloses Personal Information to a foreign Service Provider (ie an Overseas Recipient) it must take reasonable steps to ensure that the Overseas Recipient will not breach the APPs in relation to the information disclosed and the disclosing APP Entity will remain responsible for ensuring that the Overseas Recipient handles the information in accordance with Australian privacy laws, unless the APP Entity obtains the informed consent of the relevant individuals to their information being disclosed to the Overseas Recipients. However, the disclosing APP Entity is not required to take these steps if the Overseas Recipient is subject to privacy laws which are similar to Australia’s (or another of the limited exceptions applies). In terms of specific contract provisions, if an outsourcing arrangement includes the disclosure of Personal Information to a Service Provider, then the contract between the parties should contain a privacy clause and comprehensive information handling instructions. The clause should, at a minimum: â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  stipulate that the Service Provider will only use the Personal Information on behalf of the APP Entity and only in accordance with the APPs and the APP Entity’s instructions; require the Service Provider to implement and maintain appropriate technical and organisational measures to prevent against the unlawful use or disclosure of Personal Information in consideration of the type of Personal Information being processed; require the Service Provider not to do anything that would result in the APP Entity being in breach of the Privacy Act/APPs; oblige the Service Provider to return or delete and/or destroy the Personal Information (at the APP Entity’s option) at the earlier of the end of the term of the agreement or termination; require the Service Provider to notify the APP Entity in the event of any claim, data loss or other complaint received which relates to the processing of Personal Information; and include an indemnity protecting the APP Entity sending the information for any losses or liability arising from the Service Provider’s breach of the clause, and data loss and instructions (including providing all assistance necessary). Local perspective: Belgium â– â–  Unsurprisingly, given that it also implements the EU Directive, Belgium data protection legislation closes mirrors the UK’s DPA. However there are some differences. For example, in Belgium any transfer agreement materially deviating from European Commission Model Clauses must be approved by Royal Decree, as will both normal and processor binding corporate rules. In Belgium, the written agreement between controller and processor must also contain terms as to the data processor’s liability as regards the processing of personal data on the instructions of the data controller. (In practice, of course, for commercial reasons these written agreements will almost inevitably include liability provisions regardless of the legal requirement to do so.) 67  |  Sourcing Reference Guide

68) SOURCING REFERENCE GUIDE conclusion If a sourcing arrangement includes the transfer of personal data to a service provider, then the contract between the parties should contain a data protection clause and comprehensive data processing instructions. The clause should, at a minimum: â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  Other practical steps for a customer will include: â– â–  identify which party is the data controller and which party is the data processor (generally the service provider); stipulate that the data processor will only process personal data on behalf of the data controller, only in accordance with its instructions and for the purposes of providing the “services”; require the data processor to implement and maintain appropriate technical and organisational measures to prevent against the unlawful use or disclosure of personal data in consideration of the type of data being processed; not to do anything that would result in the data controller being in breach of the DPA; oblige the data processor to delete and/or destroy the personal data (at the data controller’s option) at the earlier of the end of the term of the agreement or termination; require the data processor to notify the data controller in the event of any claim, data loss, cyber-attack, breach, or other complaint received which relates to the processing of personal data; and 68  |  Sourcing Reference Guide include an indemnity protecting the data controller for any losses or liability arising from the data processor’s breach of the clause, and data loss and instructions (including providing all assistance necessary). â– â–  â– â–  if the arrangement includes off-shoring personal data, the service provider must provide an adequate level of protection for the data, as contemplated by the seventh principle; due diligence of the service provider to ensure that it is capable of meeting the security requirements, that it has reliable staff and that it will agree to satisfactory auditing; and checking that its notification with the Information Commissioner reflects any outsourced activity and transfers outside the EEA; failure to do so is a strict liability offence. May 2014

69) SOURCING REFERENCE GUIDE 13. TUPE and employee issues Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues In a nutshell European legislation The legal process Conclusion In a nutshell Automatic transfer of employees Across the European Union, legislation potentially protects employees so that, when their work is outsourced/sourced from a third party, their employment follows. As explained below (see “European legislation, Step 1: Does the legislation apply?”) the legislation is more likely to apply to UK based employees than it is to employees in most other EU jurisdictions. Where the legislation does apply, and the employees are protected, it means that those customer employees who are mainly active in the transferring activities automatically become service provider employees upon the outsource. These transferring employees will transfer to the service provider on the same terms and conditions as they had previously enjoyed with the customer. It is not possible to contract out of the legislation. As a result, as part of the preparations for many outsourcings, the customer and in some cases the service provider are required, by law, to follow a prescribed information and consultation process with the affected employees. As part of the overall commercial negotiation, the customer and service provider will negotiate, and allocate between them, the various potential risks/liabilities which are associated with those transferring employees. Termination Triggers Upon outsourcing and upon exit Exit Management This chapter focuses upon a first generation outsource (from customer to service provider). It therefore concentrates upon issues arising from the first transfer of customer staff “out” to the service provider. However, it is important to appreciate that the same legislation can protect service provider employees at the end of the relationship, when the relevant services transfer from the service provider either to a replacement provider or back to the customer. This means that, at the end of the outsource (or part of the outsource), the replacement service provider/customer can find itself employing staff who were previously employed by the service provider (along with all of the rights and liabilities that go with those staff). For this reason, even before the outsourcing starts, well informed parties negotiate the allocation of transfer risks upon exit as well as upon the initial outsource. Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution Geographic scope The main focus of this chapter is European legislation. However, employees in some non-European jurisdictions, such as South Africa and Australia, can also enjoy legal protection when their work is sourced from a third party. (See Local Perspective, Australia at the end of this chapter). 69  |  Sourcing Reference Guide

70) SOURCING REFERENCE GUIDE Local perspective: Middle East As is the case anywhere else in the world, labor law issues and the political climate are important factors to consider when devising a sourcing programme which involves the transfer of employees in the Middle East. In the Gulf Cooperation Council States (i.e., KSA, UAE, Oman, Kuwait and Qatar), in broad terms no expatriate is entitled to enter the country without a valid visa or be employed locally without a valid work permit. Visas and work permits are not always easy to obtain, meaning that visa and work permit delays can have a knock-on effect on the service provider’s performance commitments. Therefore, where a sourcing involves service provider personnel being on-shored to provide Even for countries where there is no equivalent protection at law, the customer and service provider will sometimes decide to impose a standard, global, approach to employees for the outsource. Where some of the employees are EU based this “one size fits all” approach necessarily incorporates the legal requirements discussed in this chapter. In effect, the geographical scope of the European legislation is extended in practice, if not in law. European legislation The European legislation by which, in certain circumstances, customer employees automatically “follow the outsource” is the European Acquired Rights Directive (often referred to as “ARD”). Each European Member State has its own legislation implementing the ARD into its domestic law; for example in the UK this is achieved by The Transfer of Undertakings (Protection of Employment) Regulations 2006 Does the legislation apply Who transfers? the relevant services, obtaining, renewing and replacing those people and their necessary official documents are activities which should be well planned in accordance with local laws and practices. Further, increasing the number of local nationals who are employed locally is a key agenda item for many governments in the region and one which does not sit easily alongside efforts to outsource. Therefore, while TUPE and ARD do not exist in the Middle East, staff issues and applicable local labor laws do need to be dealt with and managed proactively during and after the procurement so as to avoid complications and disappointments. (“TUPE”) and in Belgium by Collective Bargaining Agreement No 32bis (“CBA 32bis”) as amended from time to time. This chapter: â– â–  â– â–  â– â–  â– â–  considers the application of the ARD/TUPE to a sourcing situation; looks at the implications of the ARD/TUPE applying; considers whether the ARD/TUPE applies to an offshoring; and identifies the key commercial/legal risks attached to any employee transfer. The legal process The legal analysis of any potential employee transfer in the EU can be broken down into four key stages: What transfers? Information and consultation requirements Step 1: Does the legislation apply? Broadly, the legislation applies when there is a “relevant transfer”. In the UK, TUPE goes wider than the ADR and two tests determine whether or not particular circumstances give rise to a relevant transfer. 70  |  Sourcing Reference Guide

71) SOURCING REFERENCE GUIDE Business transfer test Service provision change test The business transfer test is satisfied where there is “a transfer of an economic entity which retains its identity”. By economic entity the legislation means “an organised grouping of resources which have the objective of pursuing an economic entity, whether or not that activity is central or ancillary”. For the service provision change test to be satisfied four conditions must be fulfilled: 1.  that immediately before the service provision change, there is an organised grouping of employees situated in Great Britain which has as its principal purpose the carrying out of the activities concerned on behalf of the customer. (“Principal purpose” means that the employees must be essentially dedicated to the relevant activity); 2.  that the customer intends that the activities will, following the service provision change, be carried out by the service provider (and that this is not a single specific event or a task of short term duration); 3.  that the activities carried on after the service provision change are fundamentally or essentially the same as those carried on before it; and 4.  that the activities concerned do not consist wholly or mainly of the supply of goods for the customer’s use. Within the UK, TUPE applies if one, or both, of these tests are satisfied. Other EU jurisdictions only apply their own versions of the Business Transfer test, for example Belgium requires “a transfer of an economic entity which retains its identity”. In practice it can be difficult to apply the tests, meaning that it is perfectly possible for the parties to reasonably conclude that ADR/TUPE does not apply (and so no employees will transfer), only for the court to decide differently (or vice versa). For this reason, even where the parties think that the proposed arrangement falls out of scope, it is not uncommon for the sourcing agreement to, nevertheless, contain comprehensive employee transfer provisions which are only triggered should, in fact, the arrangement subsequently be deemed a “relevant transfer” and thus within the scope of legislation. Step 2: Who transfers? Where there is a relevant transfer, those of the customer’s employees who are “assigned” to the part of its business which is transferring are automatically transferred to the service provider. (And on exit, the service provider’s transferring employees may well be 71  |  Sourcing Reference Guide said to be assigned to a “transferring contract”.) Upon the date of transfer, these employees’ employment contracts take effect as if they had originally been made between the employee and the service provider (which means, for example, that their continuity of service remains uninterrupted). Whether or not a particular employee is “assigned” to the relevant business area/contract is a matter of fact at law; it is not something for the parties to negotiate between them. It is usually clear which employees are affected – but can be less so upon exit if the outgoing service provider’s employees support a variety of customer contracts. (Sometimes, as part of the sourcing agreement, a customer will require its service provider to organise its service delivery in such a way that the risk of service provider employee transfer on exit is minimised.) An employee transfer happens automatically, not by agreement of the parties. It is therefore important to identify early in the planning stage which employees will transfer, and what liabilities and obligations transfer with them (see Notification of Employee Liability Information below). In fact, it is not uncommon for the incoming service provider to ask the

72) SOURCING REFERENCE GUIDE However, if s/he refuses to enter into employment with the service provider without expressly resigning, and assuming that the service provider at least respects its obligation to respect the terms and conditions of employment as applicable prior to the transfer, Belgium case law generally takes the view that the worker has impliedly resigned. customer for contractual protection against the risk of employees transferring to it in addition to the disclosed employees. Whilst transfer is automatic, an employee can avoid transfer by objecting. His or her employment then comes to an end automatically upon the outsource. There are exceptions, but generally speaking in this scenario there is no “dismissal” of that employee and therefore no potential claim for unfair dismissal or for redundancy. Step 3 What transfers? The general rule is that all rights and liabilities relating to the transferring employees transfer from the customer to the service provider; however, again, there are some exceptions. The table below is not comprehensive but explains how some of the key rights/ liabilities associated with employee transfer are treated in the UK under TUPE. Local perspective: Belgium CBA 32bis does not provide for the eventuality that the employee would not wish to transfer. If the employee expressly resigns then there is no issue. Right/liability Automatic transfer? Risk of actual/future claims relating to underpayment of wages by the customer Risk of actual/future claims attached to discriminatory behaviour by the customer Collective Agreements and Trade Union Recognition rights Terms and conditions of employment (including enhanced pension rights)  Restrictive covenants within employment terms  Certain rights arising in respect of old age or ill health retirement under occupational pension schemes.  Criminal liabilities   Rights/liabilities in respect of any employee who objects to the transfer 72  |  Sourcing Reference Guide    Comment – – – Contractually enhanced pension payments due upon early retirement by way of redundancy/ill health will transfer. Sometimes it is impossible for the service provider to replicate the customers’ terms. (e.g. the contractual right to participate in an employee share scheme.) Where this is the case, another benefit of a similar value must be provided by the service provider. Restrictive covenants (“non compete” obligations) also transfer but, of course, their scope will have been defined by reference to the customer’s business. It may, therefore, be necessary for the service provider to arrange for the restrictive covenants to be changed or renewed if it plans to continue to employ the transferring employees. However, service providers are required to offer the opportunity to participate in an occupational or stakeholder pension scheme if the employees were eligible to participate in an occupational pension scheme pre-transfer. Some contractual terms may, however, still transfer. – The objecting employee will not transfer either.

73) SOURCING REFERENCE GUIDE As part of their negotiations, the customer and the service provider will discuss how to allocate between them the actual/potential financial cost attached to each liability. For example, as the table shows, the service provider will automatically “inherit” any employee discrimination claims – even those relating to an employee’s historical employment by the customer. The parties cannot prevent this transfer of legal risk. However the sourcing agreement could require the customer to financially reimburse the service provider’s costs in defending/settling any discrimination claims which were caused by the customer’s treatment of the employee before he/she transferred to the service provider. Notification of Employee Liability Information To allow the service provider to plan, the customer is legally obliged in the UK to provide the service provider with certain information about those employees which will transfer to it. There is a list of mandatory information but it includes: â– â–  â– â–  â– â–  â– â–  Local perspective: Belgium For Belgium, the following should be noted: â– â–  â– â–  â– â–  â– â–  occupational pension rights are excluded from the rights that transfer under CBA 32bis. However, the premiums paid by the customer to the pension insurer are considered remuneration and are protected in that capacity. The service provider must thus at least provide a benefit with the same value; the Belgian 1968 Act on Collective Bargaining Agreements, stipulates that, all collective bargaining agreements signed at company level and applicable prior to the transfer, continue to apply at the service provider for the remaining part of their term. If the customer has thus signed a collective bargaining agreement stating that the transferred employees will be affiliated to a particular pension plan, the service provider will have to affiliate the employees to that very same pension plan for a least the remaining term of the collective bargaining agreement (or negotiate an amendment to this collective bargaining agreement); unless an agreement is reached with the employees concerned, changes to terms and conditions following a transfer might allow the worker to invoke constructive dismissal. There will however only be a constructive dismissal if the service provider unilaterally changes an essential element of the employment agreement; particular provisions apply to a transfer after the bankruptcy of the transferred entity. 73  |  Sourcing Reference Guide the identity and age of each employee his/her pay and terms and conditions of employment (including pension information and notice period) information about any recent disciplinary proceedings/ grievances taken against the employee information about any recent legal action taken by the employee against the customer (or the risk of the same). In England this information must be provided at least 14 days before the transfer. In respect of transfers on or after 1 May 2014, the information must be provided at least 28 days before the transfer. In practice it will usually be disclosed well before that deadline to enable the outsource to be properly priced and planned by the service provider. This legal obligation to notify is helpful to encourage appropriate contractual provisions upon exit as, without it, the incumbent service provider might otherwise be reluctant to co-operate in disclosing employee information to the new provider/the customer. Local perspective: Belgium There is no similar legal protection to notify under CBA 32bis, although it is recommended that the parties agree on such an obligation. Liability for failure to notify Failure to provide sufficient, or timely, employee liability information in relation to any of the transferring employees risks an award against the customer/outgoing service provider for breach of the legislation (and/or damages for breach of contractual obligations). This can prove a significant potential liability in a large scale outsourcing.

74) SOURCING REFERENCE GUIDE Duty to inform and consult employee representatives In addition to providing the service provider with employee information, the customer has a legal obligation to inform and consult with its relevant employees (and duties fall upon both parties to inform and consult employees who are “affected by the transfer”). The customer must inform employees about the transfer and to consult with them about any proposed “measures” (such as dismissals, changes to terms and conditions or working practices, recognition of unions or changes to pension arrangements or even a change to a payroll date). Where there is a recognised trade union or works council then the information has to be provided to that organisation and consultation has to take place with it. Otherwise the customer will liaise with employee representatives. Information to be provided to representatives The trade union, works council or employee representatives must be informed of: â– â–  â– â–  â– â–  â– â–  the fact that the transfer is to take place, its date or proposed date and the reasons for it; the legal economic and social implications of the transfer for any affected employees; the measures which the customer or service provider envisage they will, in connection with the transfer, take in relation to any affected employee – or if no measures are envisaged being taken, that fact; information relating to the use of agency workers by the employer, including the number of agency workers employed under the supervision and direction of the employer, the parts of the undertaking in which they are working and the type of work they are carrying out. 74  |  Sourcing Reference Guide Employee consultation must be with a view to reaching agreement as to any proposed measures affecting the relevant employees. Crucially, this means that no decisions should be made until consultation has been exhausted. This legal requirement has important practical implications for timescales. Exactly how much time to allow for consultation will depend on the particular circumstances and the jurisdiction(s) in question, but certainly employee consultation should begin before the sourcing agreement is signed. Liability for failure to inform and consult Where there has been a failure to properly inform and consult employees, a UK employment tribunal can make awards of up to 13 weeks’ pay per affected employee. Other similar penalties would be imposed under other European jurisdictions (and in France criminal sanctions can follow). In the UK, liability is joint and several as between the customer and the service provider. In practice, the tribunal is likely to make the party responsible for the breach primarily liable for the award. However, appropriate indemnities relating to breach of these obligations will likely be included in the sourcing agreement. In some countries, outside the UK, there is potential criminal liability for a failure to consult and the risk that employee representatives could block progress by obtaining a court order to stay the process until consultation has been exhausted. Redundancies Proposed organisational changes or staffing reductions after the transfer can prove challenging as they can trigger unfair dismissal claims where they are outside the scope of the (narrow) permitted grounds. Where redundancies are proposed, in most jurisdictions separate legislation will impose certain minimum consultation requirements, over and above those required by TUPE/ARD. These redundancy requirememts will vary from jurisdiction to jurisdiction and should be complied with in addition to the employee consultation requirements discussed above.

75) SOURCING REFERENCE GUIDE Offshoring Conclusion Unfortunately, the ARD does not expressly address the issue of cross-border transfers. However, in the UK, case law has indicated that TUPE can apply to transfers out of the UK, with the courts prepared to interpret there is a transfer within the UK immediately before a subsequent offshoring by the new employer. Employee transfer issues are complex and arise automatically. The parties to the sourcing agreement cannot disapply the legislation but can, and will, negotiate which of them underwrites each related risk/ cost. This risk allocation will form part of the sourcing agreement in which, for example, the customer might agree to compensate its service provider for claims relating to the customer’s own historical employment of the transferring individuals. Recent UK case law has found dismissals pre-transfer in an off-shoring context to be unfair; redundancies justifying such dismissals would only have arisen after the transfer, when the service provider relocated the work, and the transferor could not “borrow” the transferee’s reason for dismissals ahead of time. Accordingly, any restructuring around an off-shoring needs to take care to avoid triggering such liabilities. A well planned outsource will consider employee issues early in the process. In this way local advice can be sought, if necessary, and any mandatory time periods taken into account. June 2014 Local Perspective: Belgium Belgium case law has applied the ARD to transfers out of, in this case, Belgium. It is very likely that employees will be able to invoke constructive dismissal, even if, the distance and travel time between the customer’s location and the service provider’s location would be limited, changing the place of work to another country would inevitably have consequences on the applicable social security system, tax, national employment law etc. Local perspective: Australia Summary Unlike in the UK and many other European Union jurisdictions, employees in Australia do not have an automatic right of transfer when their work is outsourced to another party. The service provider is therefore legally able to make offers to only some (or none) of the employees as a matter of law. However, where a service provider does make offers of employment to transferring employees, it will be obliged to apply the minimum benefits of any industrial instrument (for example a workplace agreement that was binding on the former employer) that applies to those employees. Its offer of employment cannot be on terms that are less favourable than the minimum benefits in the industrial instrument. The service provider will typically make offers of employment to many, or all, of the affected employees (through a commercial arrangement with the customer). The offer will usually maintain their existing terms and conditions and recognise their service with the customer employer as service with the service provider because if the offer is not on those terms, the general rule is that the transferring employees are entitled to potentially significant redundancy payments from the customer. Outsourcing and transfer of business laws The Australian equivalent of TUPE are the transfer of business laws. Transfer of business laws apply to outsourcing of work. Where there is a transfer of business, the service provider is not legally required to take all or any of the staff who were performing the relevant work. 75  |  Sourcing Reference Guide

76) SOURCING REFERENCE GUIDE However, if an employee in a transfer situation is not offered a position by the service provider, the affected employees will be entitled to, in many cases, significant redundancy payments. This therefore creates a commercial incentive for the parties to an outsource arrangement to enter into a commercial arrangement whereby many (if not most) of the affected employees do receive an offer of employment to minimise those redundancy payments. What sort of offer of employment is made? Where the service provider does make offers of employment to transferring employees, it will be required to observe any minimum terms and conditions that the transferring employees enjoyed under any enterprise agreement that applied to them. The offers of employment made by the service provider must be consistent with those minimum terms and conditions; it is not possible to contract out of that obligation. The workplace agreement will continue to apply to the transferring employees until it is replaced by a new workplace agreement or terminated. It is often difficult to terminate workplace agreements. It will require the approval of the federal labour tribunal, known as the Fair Work Commission, which must be satisfied that it is in the public interest to terminate the workplace agreement. If the agreement has not passed its expiry date, a majority of employees covered by it will also need to approve the termination of the agreement. Do employees have to accept offers of employment? An employee of the customer is not obliged to accept an offer of employment made by the service provider, they are free to reject such an offer. However, the disincentive to rejecting an offer is that they may not be entitled to redundancy pay if the offer is comparable to the terms and conditions they enjoyed with the customer, including that their length of service with the customer is recognised. It therefore makes little financial sense for an employee to reject such an offer of employment; the customer is unlikely to be able to offer them alternative employment and the likelihood is that their employment will end. In those circumstances, employees do not receive redundancy pay, they only receive benefits equivalent to having resigned. Commercial terms dealing with employees In order to minimise redundancy liability, the parties typically have a requirement in the sourcing agreement which requires the service provider to make offers of employment to all, or most, of the affected employees and it requires that the offer is: â– â–  no less favourable (or comparable, or words to that effect) than the terms and conditions they currently enjoy; and â– â–  recognises their prior service with the customer as service with the service provider. The outsourcing agreement may also require the customer to make reasonable endeavours to persuade the employees to accept an offer of employment from the service provider. The sourcing agreement would also contain provisions which deal with the transfer of accrued entitlements to leave. The transferring employees, accumulated personal leave transfers across with them once they become employed by the service provider. This accumulated right cannot be given up by the employee, or taken away by the customer, even by agreement. In the case of accrued annual (or recreation) leave, it can either transfer across with the transferring employee or the parties can agree that the customer will pay out the accrued entitlement to the employee. In the former case, there is typically either a payment by the customer to the service provider representing the accrued annual leave amount, or there is an equivalent adjustment to the commercial financial terms. 76  |  Sourcing Reference Guide

77) SOURCING REFERENCE GUIDE Adjustments between the parties for personal leave accruals vary as it is a contingent liability (ie. if an employee does not use the personal leave, he or she does not receive a financial amount in lieu or have it cased out) and the extent to which that accrued personal leave may be used is difficult to quantify. Sometimes a percentage such as 20% of the accrued entitlement is adjusted (in dollar terms) between the customer and the service provider. Employees in Australia are all entitled to paid long service leave after certain minimum periods of service. Long service leave legislation requires that the length of service of transferring employees must be recognised by the service provider for long service leave purposes when there is a transfer of business. Long service leave is generally determined in Australia on a state by state basis (with different legislation in each state). However, in general terms the minimum entitlement is 13 weeks after 15 years of service or 2 months after 10 years of service. However, employees have a right to a pro rata payment of that accrued long service leave on the termination of their employment, usually after either 5 or 7 years. Outsourcing will often constitute a transfer of business for long service leave purposes especially if any assets used in the transferring business move from the customer to the service provider. Most employees have a right to at least a pro rata amount of long service leave after around 7 years. As a result there is typically an adjustment between the parties for long service leave for any transferring employees with 5 years or more of service. The sourcing agreement also typically contains indemnities as between the customer and the service provider that deal with obligations in relation to the transferring employees entitlements prior to, and after, the transfer date. The sourcing agreement may also contain a provision which requires the customer to warrant that the accrued entitlements of the transferring employees as at the transfer date are accurately stated. Consultation Australian laws require that where 15 or more employees in a business may be affected by redundancy, their employer is required to consult with them and any relevant union and notify a federal body known as Centrelink (which deals with unemployment benefits) prior to the redundancy occurring. Consultation must explain the reasons for the redundancy, the employees affected and any measures undertaken by the employer to avoid or minimise the impact. Australian laws also require employers in those circumstances to explore redeployment opportunities within the business prior to terminating an employee on the grounds of redundancy. Federal awards and workplace agreements that apply to employees will also typically impose similar consultation requirements (even if less than 15 employees are affected) and may even require more extensive consultation or processes to be followed. Therefore, an employer considering outsourcing must also consider any provisions in the workplace agreement it has negotiated with its employees which may impact on its ability to effect redundancies or the manner in which it does so. Any such obligations must be complied with. 77  |  Sourcing Reference Guide

78) SOURCING REFERENCE GUIDE Where consultation in accordance with the above requirements is not undertaken, the potential exists for the employees or their union in some cases to prevent or delay their redundancy being effected until proper consultation occurs, and/or seeking penalties against the employer for breaching those obligations. Failure to properly consult and consider redeployment options may also expose the employer to an unfair dismissal claim. Discrimination claim While the service provider is under no legal obligation to offer employment to any particular employee, it must be careful that does not decline to make an offer of employment to employees for reasons which relate to protected attributes under discrimination legislation (including similar provisions in the Fair Work Act 2009). These protected attributes include race, sex, disability, temporary absence due to illness or injury, union involvement or industrial activity or making or having made a complaint about their employment. Successful discrimination claims can lead to an employee receiving substantial uncapped compensation or reinstatement to their position or an equivalent position, together with the imposition of penalties on the discriminating party. Conclusion The legislative provisions in Australia dealing with transfers of business, are, in general terms, not complex. However, the interaction between transfers of business laws, unfair dismissal laws, redundancy entitlements and discrimination laws mean that the commercial terms of the sourcing arrangement need to be carefully drafted. In addition, ensuring that employee accrued entitlements are the transfer of the employees are properly managed is an important feature of any outsourcing as the redundancy liability (both actual and contingent) is typically very substantial. This requires that job offers being made by the service provider need to be carefully considered (with full knowledge of employees’ current terms and conditions). The selection of which employees are to be made offers of employment (if not all affected employees) is also a critical feature of sourcing. A well planned arrangement will consider employee issues early in the process. This will allow local advice to provide proactive assistance and planning to minimise the legal risks in the process. 78  |  Sourcing Reference Guide

79) SOURCING REFERENCE GUIDE 14. Termination triggers Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers In a nutshell “Non-fault” contractual termination triggers Fault based termination Local agreements Services Legal effect of Termination Practical Issues  Conclusion: a right not an obligation Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution 79  |  Sourcing Reference Guide In a nutshell Most sourcing relationships are entered into in the expectation that they will run for several years. However sometimes, part way through the anticipated life of the sourcing, one party wishes to bring the arrangement to an end. There are numerous reasons why this might be the case. Most obviously, it may be that the sourcing arrangement is not working and efforts to resolve this have failed. But one party may also wish to exit the outsource through no fault of the other. Occasionally, several years into the relationship, a customer radically changes its IT strategy and wishes to bring the sourced services back in-house. Alternatively the customer might merge with another organisation, changing its business requirements significantly. Then again, perhaps it is the service provider who has has been sold/acquired and, as a result, the customer has legitimate concerns about receiving its services from this changed organisation. Most sourcing agreements acknowledge these possibilities. They do this by anticipating a number of scenarios where early termination might reasonably be desired, setting out when this will be possible and the consequences. This chapter identifies some of these common contractual termination triggers. Sometimes additional termination rights exist alongside the express contractual termination rights set out in the agreement. These rights tend to be “fault based” (rather than allowing exit for convenience). For example, a sourcing agreement which is governed by English law may include the common law right for either party to terminate upon the other’s repudiatory breach. Such additional rights are jurisdiction specific, arising under the law of the contract. They fall outside of the scope of this chapter. “Non-fault” contractual termination triggers Convenience Whilst by no means standard, some sourcing agreements include a “break clause” by which the relationship can be terminated early for convenience. Typically only the customer is given this right and its desire to be able to exit the agreement early at its convenience can be one of the key issues in contract negotiations. Whether or not a break clause will be included in the agreement is key in negotiations because the anticipated term of the sourcing is pivotal to the service provider’s financial proposal within its bid to win the work. Often, a service provider will incur significant “set up costs” in the early stages of the outsource which it looks to amortise over the agreement’s term. The customer is insulated from such considerations, paying the service provider a smoothed fee throughout the term (albeit perhaps adjusted for, say, the actual volume of services delivered). This means, of course, that where a customer terminates a long term agreement in the early years, its service provider risks being out of pocket.

80) SOURCING REFERENCE GUIDE The compromise in this scenario is for the contract to allow the customer to bring the agreement to an early end provided that it compensates its service provider by paying an early termination fee. Agreeing this in principle is one negotiation. Far more difficult can be agreeing what comprises that compensation. Customers will usually agree to cover the service providers reasonable, unrecovered, set up costs. More controversial are service provider arguments about anticipated profits. The customer will be comfortable with paying for what it has actually received but it will resist underwriting the lost profit element of the outsource. Equally, the service provider will say that it would price a short term arrangement quite differently to the long term relationship that it expected. When it comes to documenting termination compensation within the sourcing agreement, some agreements specify a figure whilst others describe it (essentially, as the costs arising as a consequence of the termination). A figure has the advantage of certainty but is unlikely to reflect the actual costs because these are difficult to calculate in advance. A description can support more accurate compensation but brings disadvantages for both parties as it: (a) introduces customer uncertainty as to how much termination for convenience will cost; and (b) places additional obligations upon the service provider. The latter is because, before being compensated for the actual costs of early termination, the service provider will need to demonstrate that it incurred those costs, that each cost was incurred to supporting the customer (perhaps the cost supported many customers?), that it could not mitigate each cost and so on. Early termination for convenience is not “fault based”. Therefore, provided that the customer pays the service provider its agreed termination compensation (and, provided of course that there are no outstanding disputes), the parties should walk away from the relationship without financial liability to each other. Change of control Sourcing is a sufficiently complex, and long term, relationship for each party to be interested in ensuring that the corporate identity of the other remains consistent throughout the term. Realistically this is not always the 80  |  Sourcing Reference Guide case and either the service provider or the customer might change ownership during the life of the sourcing. In recognition of this, many sourcing agreements include a provision allowing one party to terminate on the change of control of the other. This right is usually balanced with a reasonableness requirement by which the right to termination can only be triggered if the terminating party has a legitimate objection to the new controlling party. This requirement helps prevent any change in the organisation of one party presenting the other with an excuse to terminate for, what is in reality, its convenience. Force majeure A force majeure event is an event which falls outside of the parties’ control and which affects the service provider’s ability to provide the services. Services might not be provided at all, be late or degraded. Examples of events which are often classified as force majeure include extreme weather conditions and political unrest (both of which may be more likely to occur in the service provider’s offshore location than the customer’s home territory). The sourcing agreement will contain detailed Force Majeure provisions setting out the mechanism for dealing with these events (customer notification; obligations to try to mitigate its effect etc). The final stage of this mechanism will almost certainly be the ability for one, or both, parties to terminate the agreement because of the disruption caused by the on-going force majeure event. Again, the parties walk away from the relationship without liability to each other in this scenario. The principle being that, because the event falls outside of the service provider’s control, the service provider should escape liability to the customer for its consequences. Fault based termination None of the scenarios considered so far are triggered by the “fault” of the party receiving the termination notice. However the sourcing agreement will list numerous specific contract breaches which the parties have agreed, should they arise, are sufficiently serious to warrant early termination. Some of these breaches are common to many sourcing agreements, although the fine detail of each termination trigger may be negotiated. In particular, the service

81) SOURCING REFERENCE GUIDE provider will quite reasonably wish to avoid “hair trigger” termination events (where a minor breach of the relevant term of the sourcing agreement triggers the customer’s termination right). Specific contract breaches Typical termination triggers for the breach of a specific contract term include: which apply at the country level. Each local agreement is then read in conjunction with an overarching master outsourcing agreement. In cases like this, where the sourcing is supported by several agreements, the parties need to consider the relationship between the various agreements upon termination. For example: â– â–  â– â–  poor performance (quite possibly as documented by a threshold being reached in service levels/credits – either as a one off event or in aggregate. This threshold will fall outside of the “acceptably unacceptable” performance levels of the service credit regime); â– â–  significant delay; â– â–  breach of confidentiality; and â– â–  breach of laws. Additionally, whilst not triggered by a specific contract breaches, other scenarios commonly included as specific termination triggers include: â– â–  any breach causing significant damage to the customer’s reputation; â– â–  the financial distress of the other party; and â– â–  recommendation/requirement of a regulator. Material breach We have seen that the contract breaches justifying termination which are most probable to arise in practice are individually listed. Additionally many sourcing agreements also include a general “sweep up” provision by which one party can terminate for the other’s “material breach”. Whether or not any particular breach is sufficiently serious as to be considered “material” can be open to question. However customers will seek to include contract drafting making clear that both one single event, and a series of individually less significant events taken in aggregate, should be “material” in this context. Local agreements Chapter 2 (Outsourcing Agreement Structures) explained how, when services are being sourced across several countries, the parties often put in place local agreements 81  |  Sourcing Reference Guide â– â–  if the master agreement terminates does this automatically terminate the local agreements? if one local agreement is terminated how does this affect the other local agreements? How does it affect the master agreement? There is no right or wrong answer to these questions, commercial factors should drive their analysis. For example, perhaps there is one, particularly significant, local agreement which if terminated early would affect the service provider’s ability (commercially) to support the remaining agreements? (A sophisticated customer will appreciate that, even if the service provider is legally bound to the remaining agreements, a relationship which proves unprofitable for the service provider is unlikely to be successful.) Termination should also take into account any additional documents which exist as part of the overall suite of agreements supporting the sourcing. When the main sourcing agreement ends it is likely that those documents should automatically end too and it is good practice to include contract wording which makes this clear. For example, staff related issues might form part of a side agreement which sits alongside the main sourcing agreement and should not “outlive” it. Services The previous paragraph considers the possibility of termination of a local agreement – and the implications that this might have on the remainder of the sourcing. Equally, it is not uncommon in the larger and more complex sourcings for the customer to be able to “drop” certain services from the overall service offering. The extent to which the customer’s desire to terminate a service stream will affect the remainder of the sourcing will vary. The services as a whole might be provided against a sophisticated financial model and agreement which allows the customer to: (a) increase/decrease

82) SOURCING REFERENCE GUIDE its demand for the services; and (b) add/drop “service towers” (i.e. specific service streams). In this scenario flexibility is inbuilt to the agreement with charges automatically adjusted to reflect the change. That said, there are likely to be parameters placed around this flexibility so that the service provider is guaranteed a minimum service provision (or, more importantly, a certain level of revenue) and the customer benefits from a ceiling upon the charges which can be incurred for any payment period. Building flexibility into the sourcing in this way might allow a service tower to be terminated. However it is rarely intended to set up a mechanism by which the customer can terminate a significant part of the overall sourcing part way through the agreement’s term. At the other end of the spectrum, for a more straightforward sourcing, the customer’s desire to drop a service may fall to be agreed by the parties under change control. Either way, adjusting the services as described does not bring the sourcing agreement/relationship itself to an early end. Legal effect of Termination The legal effect of early termination turns upon its basis. However, the most likely scenario is that the sourcing agreement ceases to exist from the date of termination. In other words, it is not unwound retrospectively but all future obligations that would otherwise arise out of it fall away. That said, certain contractual provisions which are designed to survive contract termination will remain in force. For example, the parties’ obligations of confidentiality are likely to continue, as will the exclusions and limitations placed on each party’s liability to the other. The latter is significant where the termination is fault based because a fault based termination will almost certainly be coupled with a damages claim. Additionally, in some jurisdictions such as Belgium, retrospective effects may occur under certain conditions. Local perspective: Middle East When considering a proposed outsourcing agreement involving the Middle East, it is important to bear in mind that applicable local laws may: â– â–  â– â–  â– â–  â– â–  require the parties to act in good faith towards one another; stipulate that a court order is required in certain circumstances for termination to be valid; in the case of a material breach, mean that for the sake of certainty it is preferable for the contract to be explicit as to what constitutes a material breach; codify laws with respect to the effect of certain supervening events on a party’s right to terminate the contract. As such, the local laws should be considered and suitably addressed in the relevant contract so that the intention of the parties is articulated in a way which is most likely to be enforceable under applicable local laws. Practical Issues From both a practical and a commercial point of view, termination may well not be ideal, particularly when it happens within a short time frame. Chapter 15 (Exit Management) outlines some of the ways that a well thought out Exit Strategy, which has previously been agreed by the parties, can facilitate a successful transition away from the service provider. (It is fair to say that this document will anticipate a certain amount of lead time as is the case when the agreement reaches its natural end). Conclusion: a right not an obligation Finally, it is worth making the point that either party may actively decide not to exercise a contractual right of termination. The possible contractual termination triggers described above will, should the relevant circumstances arise, give a party a right to terminate the sourcing agreement – not an obligation. July 2014 82  |  Sourcing Reference Guide

83) SOURCING REFERENCE GUIDE 15. EXIT MANAGEMENT Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management In a nutshell  Process for agreeing an exit strategy Key issues Identify the assets Valuation of assets Transfer of assets Transitional Services Price and payment  Managing exit during the life of the contract In a nutshell All good things come to an end; any sourcing agreement will expire or terminate. Managing the transfer back to the customer, or to a replacement service provider, is as important as managing the initial transition out to the service provider. Essentially a pre-nuptial agreement is needed for (in this case) the inevitable divorce. Exit is unlikely to be a priority when Requests for Proposals and Responses are being prepared (except perhaps for the lawyers and other external advisers). Nevertheless, the same level of rigour, if not of final detail, should be applied as is used in planning the original outsource. Exit is generally a rough mirror of that transition; albeit made more complicated by the difficulties of predicting the future and the potential for divergent interests of the parties. Process for agreeing an exit strategy From a customer’s point of view, it should ideally have formulated a broad exit strategy before contract negotiations begin. Whilst it is not uncommon for the customer’s chosen service provider to be asked for a first draft of the exit plan (on the basis of its exit experience), this approach understandably encourages the service provider to offer what it is willing to provide rather than what the customer needs. Either way, the key is to arrive at an unambiguous document which deals in a bespoke manner with the specifics of the relevant transaction. It should detail specific tasks, desired outcomes and timescales – but also be flexible (more of which later). Inevitably, some aspects will be covered at a high level. Exactly how exit is finally handled will vary considerably depending on both the customer and (significantly) the services being sourced. That said, whilst the answers are dictated by circumstance, the starting questions will be broadly the same and are outlined below. Conclusion Key issues Subcontracting: Risk, Liabilities and Managing the Relationship A variety of assets underpin any provision of sourced services. They vary, but are likely to include tangible items (hardware and other physical items of equipment), intangibles (software, intellectual property rights, third party supply contracts and licences, government or similar licences or authorisations), personnel and, perhaps most crucially, data. Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution 83  |  Sourcing Reference Guide

84) SOURCING REFERENCE GUIDE It is difficult to know at the pre-contract negotiation stage what assets the customer and/or new service provider will require on exit. The key, therefore, is to establish a process to: â– â–  â– â–  identify the assets at the relevant time; anticipate how they will be transferred (and any likely constraints on doing so); â– â–  determine how they are to be valued; and â– â–  set out how risks surrounding them might be allocated. Third party contracts Third party contracts include PC maintenance contracts, telecommunications circuit leases and disaster recovery contracts. The exit process may well allow the customer to identify which contracts it wishes to take on (again, normally this option will be restricted to exclusive, not shared, third party contracts) and how those contracts should be transferred (e.g. assigned, split or novated). The process should also reconcile any payments made in advance/arrears and allocate responsibility for actions or omissions (which could give rise to claims under the contracts concerned) taking place before or after exit. Intellectual Property Rights (IPRs) This process can then be supported by appropriate arrangements for managing those assets during the life of the agreement and for transitional support on exit. Identify the assets Physical assets The customer should find out which assets will be used exclusively to provide the services to it and which assets are shared across a number of customers allowing the service provider economies of scale. Customers commonly obtain rights (normally just an option) to buy those assets which are used exclusively for it. However expecting access to shared assets postexit is unrealistic. For this reason, sometimes a customer will require that certain, difficult to replace, assets must be used exclusively for it (although this comes at a cost). If physical assets are purchased by the service provider solely and specifically for the provision of the services to that customer, the service provider may require the customer to purchase those assets as it will not want to carry this cost which it undertook for the customer. 84  |  Sourcing Reference Guide IPR, knowhow and confidential information will be created, or obtained, under licence during any sourcing relationship. Examples include bespoke software, new business processes and IT architecture/network diagrams. Inevitably much of these IPRs will be owned by the service provider (or used by it under licence) and yet the continued provision of the services by the customer in-house or any replacement service provider may well rely upon the ability to use or access that IPR. (See chapter 19 (Intellectual Property Rights.) Many exit processes allow the customer to identify the IPRs which will remain essential to it post-exit and set out a process for it to obtain rights to use. From a customer’s point of view, an ideal way to achieve this is for the sourcing agreement to contain provisions requiring the service provider to grant a sufficiently wide licence (nonexclusive, worldwide, perpetual and royalty free) to permit the customer/replacement service provider(s) to continue to use such IPRs after the agreement ends. However, treatment of IPR can be extremely important issue for the service provider which may resist any divulgence of its competitive advantage to a former customer or, worse still, a replacement service provider (which is likely to be a competitor). This sometimes narrows the scope of what IPRs may be transferred or licensed on exit to those that are genuinely essential, as opposed to desirable. Data At least some data will need to be transferred, or at least accessed, after exit. Examples range from data actually handled or processed (e.g. passenger data in sourced airline reservation systems) to data about the way the

85) SOURCING REFERENCE GUIDE services are delivered (such as records of service level performance) and data about the relevant personnel. The exit process should identify the data needed after exit and how it will be accessed or transferred (e.g. the format and, sometimes, testing arrangements). For more mundane things, relevant records should be retained for the necessary periods with access rights granted as and when necessary. Operational data is normally owned by the customer. Discussions are likely to revolve around the level of support the outgoing service provider has to provide in transferring it to the customer/new service provider. In other cases consideration should be given to who owns the data and any IPRs in the media on which it is recorded; this may impact how data can be accessed and used. The most contentious aspect of managing data on exit is normally the scope of the data to be transferred or made available. Understandably, most service providers will jealously guard data relating to exactly how they manage their operations, particularly where they believe they have leading-edge methodologies or practices that they would not want revealed. For the customer, the focus of its attention should be on the data genuinely needed to enable a smooth transition either to the new service provider or back in-house. People Exit strategies should address the issue of personnel exit. The customer (or the replacement service provider) may want specific individuals to transfer their employment on exit and both the exit process and the sourcing agreement itself need to address the application of any local legal requirements. Chapter 13 (Employee Transfer) explains the legal and practical people considerations on exit. Valuation of assets Any exit strategy should include a process to determine the price of assets that are eventually bought. This might be on the basis of open market value, net book value or some other mechanism. To avoid surprises, the sourcing agreement should specify the particular accounting treatment to be applied (eg straight line depreciation over a fixed period). 85  |  Sourcing Reference Guide Transfer of assets Exit strategies need also to build in processes for identifying any restrictions to transfers. For example, major items of equipment may have been leased or financed by the service provider, and therefore require special buyout procedures or lease assignments. Transitional Services The parties should consider what specific measures need to be put in place to ensure, as far as possible, the transition process runs smoothly. At the highest level this might involve allowing a limited degree of flexibility over exactly when the main service ends. At a more detailed level there are normally a range of additional tasks, not falling within the scope of the core services, which will need to be undertaken to effect a smooth exit. Such tasks depend upon the particular circumstances but examples include: segregation of the service provider’s equipment and data from the customer’s; providing data for, and assisting with, test runs of the new system; preparing a plan to deal with third party service providers and customers; and developing communications policies in relation to staff (and potentially unions). How will any service level and service credit regime apply during exit? Customers will likely argue that it should continue while service providers may respond that such a regime is intended to apply to service provision in steady state, not during preparations for exit. Price and payment The cost of creating an exit strategy and its review is often included in the service provider’s service charge. However, this allowance is likely to be insignificant when compared to the broader costs of exit. Realistically, it is difficult to convince a service provider to deliver meaningful exit arrangements for nothing. Thus the real costs of exit, as far as they can be anticipated, need to be built into the original cost model for the transaction as a whole. This will often entail identifying in the exit plan what tasks will be performed by the service provider at its own cost and what aspects will be paid for by the customer (usually at daily consulting rates).

86) SOURCING REFERENCE GUIDE Managing exit during the life of the contract As most sourcing agreements tend to run for a number of years, the services provided and the technology on which they are based will often change. Consequently, the sourcing agreement’s exit provisions must be flexible enough to accommodate change. It is common for sourcing agreements to include mandatory periodic reviews, and updating, of the exit strategy. However, realistically these reviews may not always take place when planned (if at all). This makes it essential, for customers in particular, to include a fall-back arrangement even if this is only a set of minimum exit arrangements. Customers sometimes couple this fall back arrangement with measures to protect those assets they require on exit. However fettering the service provider’s options (for example restricting its ability to finance kit through leasing) can restrict the service provider’s ability to reduce costs. A common compromise is to limit the service provider’s ability to make material changes within, say, six months of the anticipated expiry date. (Of course, this compromise is of no use if the agreement comes to an end abruptly.) In a similar vein any sourcing agreement should stipulate the information relating to exit that is to be collated and provided by the service provider during the course of the agreement and upon its termination. Examples include asset registers, third party contracts and employee records. It is good practice to also have provisions relating to its format, retention periods and destruction of such records. 86  |  Sourcing Reference Guide Conclusion The exit strategy is a key management issue throughout the life of the sourcing agreement. A comprehensive exit plan, which is reviewed and updated by both parties from time to time, facilitates a smooth transfer of services and necessary know how and assets in the final stages of the sourcing relationship. Desktop example Comparing the sourcing of desktop support with the sourcing of a wide area telecommunications system demonstrates the different elements that may need to be handed over on exit. For desktop support, often relatively little equipment or facilities are solely dedicated to the customer, except perhaps a volume of dedicated spares and some onsite engineers. For the telecoms system, the core service will involve considerable amounts of hardware and physical connections, all of which generally require time to move or replace. What’s more, when considering intellectual property on exit in the context of telecoms services, customers who need access to the information contained in network diagrams may need not only access to the diagrams but also the rights to copy them. The copying will require a licence if the IP in the diagrams is retained by the outgoing service provider. July 2014

87) SOURCING REFERENCE GUIDE 16. SUBCONTRACTING Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues In a Nutshell In its most basic form, subcontracting involves a service provider entering into a services/supply agreement with its customer and, by separate legal agreement, agreeing that a third party, its subcontractor, will provide some of those services or supplies. However, particularly in the sourcing context, subcontracting can be more complex. The overall project might involve more than one service provider, all of which (might) contract directly with the customer, all of which might have more than one subcontractor (and quite possibly some sub-subcontractors too). Failure to understand, and address at the outset, the issues associated with subcontracting can undermine a sourcing project. Ultimately, the customer risks finding itself without sufficient control over the project to ensure that it receives successful, and timely, service delivery. To avoid this, key considerations for subcontracting include: â– â–  Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship In a nutshell Status of the Service Provider Sourcing Structure Contractual provisions Project Management â– â–  Conclusion Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Dispute Resolution â– â–  â– â–  The status of the service provider entering into the sourcing agreement (e.g. is it a joint venture/special purpose vehicle or it is a fully functioning services company?); The structure for the sourcing (is it single or multisource?), and the relationship between the service provider and its subcontractor(s), the role(s) of the supporting subcontractor(s), and the division of responsibilities between them; Specific drafting issues at each contractual level, from the sourcing agreement to the subcontracts; and Project management and governance issues in relation to the subcontractor(s). Each of these aspects are considered in more detail below. Status of the Service Provider Joint venture/special purpose vehicle Chapter 1, Sourcing Structures, explains the different ways that sourcing relationships are commonly structured. Where the service provider is the product of a joint venture or some other special purpose vehicle (“SPV”) set up for the specific sourcing project, then it is not uncommon for it to have very few assets and/or resources (in particular human resources) with which to perform its obligations to the customer under the sourcing agreement. The SPV’s contractual obligations are therefore necessarily subcontracted to third parties (which usually include the shareholders’ companies behind the SPV) to perform. From the customer’s perspective, it may require direct undertakings from those subcontractors relating to the performance of their subcontracts, as well as undertakings from them regarding their credit rating and insurance. 87  |  Sourcing Reference Guide

88) SOURCING REFERENCE GUIDE The customer will probably also want more involvement in the content and negotiation of the subcontracts (see “Contractual Provisions” below) than it would do for a non-SPV relationship to ensure that each subcontractor is sufficiently “on the hook” in providing the services. In a scenario like this, where a sourcing involves particular reliance on subcontracting, a customer should carry out sufficient due diligence to satisfy itself as to the underlying quality of the SPV’s subcontractors, specifically their individual and, where relevant, collective ability to perform the required services to the required standards. Established service provider In contrast to an SPV, an existing, fully functioning service provider will probably perform many of the services required under the sourcing agreement itself and only subcontract discrete parts of the overall services offering to subcontractors. Whilst this means that some of the concerns associated with contracting with an SPV do not apply, a customer should still consider and address all of the key performance related issues addressed above. In addition, depending on the ‘worth’ of the services company and its ‘market track record’, a customer may require a guarantee from the service provider’s parent regarding performance of the contract and/or financial performance should liabilities arise. Sourcing Structure Further issues arise where (as is not uncommon) more than one subcontractor supports the overall sourcing project: â– â–  â– â–  â– â–  Are the subcontractors’ services different or the same? Will they be providing services simultaneously or sequentially? Are there dependencies between the subcontractors which could affect their ability to provide their part of the services? Where the project will rely upon several subcontractors, to facilitate smooth services provision their subcontracts should, ideally, include certain key concepts including those which are highlighted below. 88  |  Sourcing Reference Guide Cooperation In all likelihood, in the multiple subcontractor scenario the various subcontractors will need to cooperate with each other to ensure integration of their services and deliverables with each other. This is likely to be covered as a general obligation in the sourcing agreement which then flows down to each of the subcontractors. The service provider is therefore responsible to the customer for ensuring cooperation between its subcontractors and for integration of the services. In more complex situations, where perhaps multiple service providers contract directly with the customer, each relying upon multiple subcontractors, the customer may insist upon a standalone cooperation agreement between the customer, its service providers and their subcontractors. The advantage of this approach is that the customer has direct contractual recourse (and remedies) against each subcontractor in the event that cooperation obligations are breached. Apportioning the Services The division of the overall service offering amongst the subcontractors is particularly important where the service provider is not providing the services itself but rather is reliant upon its subcontractors to collectively provide all of the services. The service provider will need to ensure that every element of the overall services to be provided under the sourcing agreement is provided by one of the subcontractors. This sounds obvious, but it can prove difficult in practice because there are always areas of the services that do not neatly fall into any of the subcontractors’ defined services. It is usually a matter of agreeing between all of the subcontractors which of them will take on the various stray elements of the services. In some circumstances, the subcontracts include a process for agreeing later which subcontractor shall take on the responsibility for which particular services. Where, as is often the case, certain elements of the sourced services are business critical, a customer may insist that those key processes and/or systems are handled by the service provider itself and not subcontracted. However, the service provider may argue that it should have the freedom to use any subcontractor, provided that it still meets all of its obligations to the customer.

89) SOURCING REFERENCE GUIDE Multi-party disputes Drawing upon the expertise of multiple subcontractors often brings practical/technical advantages for a customer because it benefits from the best service provider for each particular element of the overall sourced services. However, the compromise is that the use of multiple subcontractors also has the potential to create management/legal challenges by facilitating a blame culture for any service failure. In order to avoid a “circle of blame” amongst subcontractors, it is essential therefore to include a well thought out and pragmatic dispute resolution mechanism. Where there is a standalone cooperation agreement the mechanism will form part of that document. Otherwise, it will be included across all subcontracts. One sensible option, but not necessarily suited to all situations, is to have a mechanism whereby: â– â–  â– â–  the customer (having imposed such an obligation upon the service provider in the sourcing agreement) can require its service provider to fix a service failure first and apportion liability between it and the various subcontractors later; a subcontractor is obliged to assist with any dispute where it is named, be it by another subcontractor or by the service provider, as contributing to any failure (whether such dispute procedure arises under the sourcing agreement or under a subcontract). â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  â– â–  Contractual provisions The Sourcing Agreement The customer will seek various contractual rights within the sourcing agreement which relate to the service provider’s subcontractors. Depending on the nature and size of the sourcing project, these rights might well include: â– â–  A requirement that the service provider obtains the customer’s consent in writing before any subcontractor is appointed and/or that the service provider only draws from an agreed list of subcontractors; 89  |  Sourcing Reference Guide The customer’s right to remove personnel (including those of the subcontractors) from the project; Where customer staff will transfer directly to a subcontractor (see Chapter 13, Employee Transfer), various staff related protections and indemnities from the service provider (who will, in turn, pass these down to the subcontractor). As explained in Chapter 13, these protections and indemnities should also extend to any secondary staff transfer issues arising on the expiry or termination of the services; The ability for the customer to require the service provider to stop using a subcontractor should the subcontractor’s credit rating fall below a certain level or if it faces other financial difficulties or undergoes a change of “control”; The right for the customer or a third party supplier to “step in” where there has been, or is likely to be, a material failure by a subcontractor under its subcontract; The right for the customer to audit the subcontractors’ books and accounts, in the same way that it can audit the service provider; Appropriate reporting obligations so that the customer has confidence that the service provider will be able to fulfil its reporting obligations; and In some situations, approval by the customer not only of the identity of the subcontractor but also of the subcontracts themselves before signature. (This is to enable the customer to satisfy itself that the relevant obligations that it agreed with the service provider have been properly flowed down to the sub-contractor – and in particular that the customer’s rights/protections are indeed included in the subcontract). Conversely, the service provider will look to obtain the various rights from its customer that are necessary for its subcontractor(s) to provide the subcontracted services. These rights may include: â– â–  Licences for its subcontractor(s) to use the customer’s own software or third party software (to the extent that the third party software is capable of being assigned, novated or sub-licensed);

90) SOURCING REFERENCE GUIDE â– â–  â– â–  The right to disclose the customer’s confidential information to its subcontractor(s) – purely to the extent necessary for the provision of the services and subject to appropriate protections; and Where necessary, the right of the subcontractor(s) to occupy the customer’s premises for the purposes of providing the services. an acceptance certificate for certain deliverables within a certain number of days from delivery. In the subcontract, this obligation will be for the service provider to “use all reasonable endeavours to ensure that the customer provides the acceptance certificate [within the timeframe]”. This dilution is clearly to avoid the service provider putting itself in breach of subcontract because of the customer’s actions/ omissions. The Subcontract In the subcontract, the service provider is likely to flow down certain of its obligations to the subcontractor. In addition, however, some of the customer’s rights will also flow down from the sourcing agreement into the subcontract where they now become the service provider’s rights. For example, the customer’s right to audit the service provider will become, in the subcontract, the service provider’s right to audit the subcontractor. Whilst theoretically straightforward, in reality this flow down of rights, obligations and liabilities is not always so easily achieved. For example, a service provider might find it difficult to impose certain terms if its subcontractor finds them objectionable (e.g. the precise detail of the audit rights). It is partly to minimise this risk that for significant sourcings, where the subcontract itself is high value and/or complex, the service provider will consult with its subcontractor when negotiating the terms of the sourcing agreement. Rights may also need to be obtained from the subcontractor and passed “up” to the customer. Examples of issues requiring particular consideration include: â– â–  â– â–  â– â–  â– â–  The timescales imposed on the subcontractor – these need usually to be less than those imposed on the service providers. For example, timescales for responding to change requests or remedying breaches; Apportionment of liability including liability caps and back to back indemnities; The licences required from the subcontractor for subcontractor owned or other third party software; and The dilution of customer obligations by the service provider. For example, the sourcing agreement might contain an obligation on the customer to provide 90  |  Sourcing Reference Guide Project Management A critical issue for any subcontracting arrangement is project management. Within the sourcing agreement itself the service provider will have agreed to produce reports and to generally manage the service delivery and relationship. Fulfilling these obligations will inevitably include ensuring that the subcontractor is performing the services covered by the subcontract, ideally in such a way that the service provider is aware of, and can deal with, any likely problems in advance – thereby preserving its relationship with the customer. To achieve this aim the service provider will often shorten the timescales within which reports are to be produced by a subcontractor, thereby giving the service provider sufficient time to address any issues with the subcontractor before reaching its own deadline for presenting the reports to the customer. A subcontractor’s involvement in a sourcing project will change over time and this should be reflected in its management obligations. For example, it may be necessary to have the subcontractor represented on a project review committee during the migration stage of a sourcing project, but not once the operational services are up and running. Conclusion In order for a customer to achieve a successful sourcing project where subcontractors will be used, it is critical (for both customer and service provider) to have sufficient knowledge and control of any subcontractors. September 2014

91) SOURCING REFERENCE GUIDE 17. SECONDARY SOURCING: Contract renewal,  insourcing and retendering Foreword Sourcing Structures In a nutshell Offshoring All sourcings eventually run their course, whether through reaching their planned end date or through earlier termination. Clearly, given the nature of many sourced services, before the contract end date is reached plans must be put in place to enable service continuity going forward. Timing, Delivery and Delay Essentially there are three options: Sourcing Agreement Structures The Services Description Service Levels Contract renewal The incumbent service provider continues to provide the services – on the same or varied contract terms Tax Insourcing Operations are brought back in-house to the customer Benchmarking and Continuous Improvement Retendering The entire tender process is run again and an entirely new agreement is put in place with a new, or possibly the incumbent, service provider Service Credits Charging Models Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering In a nutshell  Crafting a secondary sourcing strategy Which option is the most appropriate will turn upon the needs of the particular customer, given the particular services, at that particular time. This chapter considers how to identify the best option (or combination of options) and the key issues associated with each. It predominately focuses upon the customer’s viewpoint because it is the customer who leads the secondary sourcing process. However, service provider drivers and concerns are also highlighted. Did you know? â– â–  Up to 3/4 of all outsourcing deals are renegotiated (Outsourcing Leadership). Crafting a secondary sourcing strategy Contract renewal Insourcing Retendering Identify the best option Conclusion Governance Intellectual Property Dispute Resolution Understanding the existing contract Gather market information 91  |  Sourcing Reference Guide

92) SOURCING REFERENCE GUIDE Identify the best option The first step for any customer is to identify which approach best fits its needs. Key factors taken into account at this early stage include: whether the parties to the initial sourcing have worked well together â– â–  â– â–  whether key targets were met â– â–  the financial viability of the original arrangement â– â–  the budget available going forward whether cross-company shared services initiatives exist that the parties wish to pursue. â– â–  This assessment may well involve obtaining legal and financial advice to compliment the internal assessment of the success of the initial sourcing arrangement. Understand the existing contract terms Next, a customer should consider the existing sourcing agreement to scope the level of support given under it and the customer’s ability to take its preferred option. This is because, where a significant change to the arrangement is desired, the terms of the existing agreement can make implementing the change commercially challenging. Key considerations for the existing agreement: â– â–  â– â–  â– â–  â– â–  â– â–  For an agreement coming to an early end, identify the termination rights (and any associated consequences) and relevant notice periods Have asset registers been maintained? If so, these should be reviewed. Are the assets underpinning the services transferrable (and at what cost)? If not, are alternative assets readily available and, again, at what cost? How comprehensive is the exit schedule? How much co-operation must the service provider give the customer or a replacement service provider? What terms govern the transfer of staff? More generally, is the sourcing agreement still fit for purpose? 92  |  Sourcing Reference Guide This analysis is likely to involve some level of legal support and the answers to some of the questions may differ dependent upon whether the customer wishes to bring the service in-house or appoint a different service provider. Gather market information Finally (or in parallel), the customer should collect as much information as possible from service providers to make the right decision for its business; conversely service providers should provide as much information to retain, or create a new relationship with, the customer. This information gathering process should include particulars of how the market has progressed since the initial sourcing (which may have been several years ago), an analysis of new market leaders and the identification of any regulatory change that will impact upon potential future arrangements. Current trends indicate that all three types of secondary outsourcing have been used successfully in recent times. Ultimately, the customer’s business requirements will dictate which strategy (or combination of strategies) to pursue. Key issues for each strategy are considered below. Contract renewal Renewal of a successful sourcing relationship Where the primary sourcing relationship is a success, there may be no need to change the arrangement. Ideally, the service provider will have delivered in accordance with the terms of the sourcing agreement, market conditions and regulatory requirements will not have drastically changed from when the agreement was entered into and the relationship between the customer and service provider developed into fruitful commercial partnership. In these circumstances there is rarely any perceived benefit in bringing the operations back in-house or in changing service provider.

93) SOURCING REFERENCE GUIDE Renewal of a less successful sourcing However even where the existing sourcing has proved less than ideal, sourcing agreement renewal may still be the best overall option for the customer. This might be because: â– â–  it is the cheapest option â– â–  it is the option least likely to cause business disruption â– â–  â– â–  â– â–  â– â–  it potentially avoids the lengthy negotiations required for retendering it avoids the need to employ staff (which are required for insourcing) it avoids the need for exit assistance/termination and the associated costs (although contract renewal is certainly not cost-free) the underlying sourcing agreement’s exit provisions/ termination assistance regime do not support the exit (in this scenario, more comprehensive terms could perhaps be negotiated to support exit at a later date). Renewal of a less successful sourcing is particularly attractive where there is no guarantee that the alternatives of insourcing or appointing a different service provider will remedy the shortcomings of the particular sourcing in question. It may, of course, be that the issues are on the customer’s side. However ultimately, whether or not to renew a service which falls short of expectations is a question of degree. Clearly, if there is a substantial or complete breakdown of the initial sourcing arrangement then exit is necessary. Renewal on existing terms Once the customer has decided upon contract renewal with the incumbent service provider, the key question becomes: “On what terms?”. At its simplest, if the sourcing agreement is to be renewed on exactly the same terms, the parties can use the change control/variation procedure to simply extend the contract length. However, it is more likely that the parties will hope to tidy up certain elements of the sourcing agreement which, while not controversial throughout the life of the contract, could be improved. These variations can be 93  |  Sourcing Reference Guide done simultaneously with the extension of the contract term. (Some sourcing contracts even contain the specific option to renew with the associated right to vary certain, specified, provisions at renewal.) Renewal on different terms Alternatively, completely new terms might be sought by either party (or both) and a formal renegotiation process undertaken by customer and service provider. In this scenario, before negotiating terms: â– â–  â– â–  â– â–  the customer should clarify internally whether it is most concerned about price, performance, location or some other element of the initial sourcing the service provider should assess its negotiating position – might the customer open up the process to alternative service providers if it negotiates too hard? conversely the customer should assess the importance of retaining that particular contract to the service provider. Is the customer (or the service provider for that matter) particularly prestigious and/or a key “partner”? Either party might be able to use legislative change and legal development as a bargaining tool. Ultimately, if agreement cannot be reached on the terms of renewal, a well drafted escalation process in the original agreement can prove invaluable in achieving resolution. However, regardless of the contract terms, the overriding concern for both parties is the service provider’s ability to support the functionality and infrastructure necessary for the customer’s (potentially significantly revised) requirements. Insourcing Ongoing cost For insourcing, the ongoing cost is a big factor. Although numerous costs can be saved by insourcing, substantial new costs are also triggered, not least that of employing the right people. (This is perhaps not surprising given that many customers outsource in the first place to achieve cost savings.)

94) SOURCING REFERENCE GUIDE Efficiency However, bringing a service in-house can (but does not always) bring with it the potential for services to performed locally, more quickly and in a more streamlined manner. A customer may even be able to pursue long term product/service development aspirations through establishing its own know-how in the relevant, previously-outsourced, sector. Capabilities and knowledge transfer Crucial to any insourcing’s success is the customer’s ability to take over the operations. Necessary capabilities include practical requirements (e.g. office space, hardware and software), knowledge (and people) and a strong internal management function to minimize disruption and safeguard quality. If the necessary assets are not transferring, there isn’t an effective exit regime and the sourcing agreement’s contract term has expired, a transition agreement can provide temporary support for the insource. Thought should also be given to whether the relevant assets can be sourced from a third party (Chapter 15, Exit Management, explains service dependencies and the transfer of assets more fully). There may well be certain gaps in the customer’s knowledge capabilities which the service provider can plug at this early stage. Indeed, the incumbent service provider’s employees might even operate in-house for a period of time to train the customer’s staff. Whilst this arrangement might form part of the exit provisions of the original contract it could equally be negotiated at the time. The customer may wish to go further and cherry pick/ lemon drop certain individuals from the incumbent service provider’s team when building up its own staff. Whether or not it can do so will turn upon the terms of the original sourcing agreement, jurisdiction specific relevant employee legislation (see Chapter 13 Employee Transfer) and, of course, the desire of the individuals themselves. Risk transfer Once the insourcing comes into effect, and the service provider has properly performed any transitional functions, there is a complete transfer of risk from the service provider to the customer. This means that if the 94  |  Sourcing Reference Guide services which are subject of the insourcing fail then the liability and ramifications will, generally, lie solely with the customer. Retendering Financial considerations Where a customer has funds, rather than renew the existing sourcing agremeement with the incumbent it may choose to engage in the most expensive of the options – running a competitive tender process all over again. The appeal of this option is that, whether choosing a new service provider or keeping the incumbent, a competitive tender process should provide better value for money for the customer in the long term. This might be by way of improved service delivery, by the services being provided at a more competitive rate, or both. Benchmarking As a minimum, the sourcing agreement’s benchmarking/ improvement provisions may encourage the service provider to improve its services or offer better rates. (They might also trigger a price adjustment so that the customer pays a sum that is in line with how the market has advanced.) Chapter 10 explains benchmarking more fully. Full retender However, where the incumbent service provider is no longer a market leader and/or the initial sourcing has not been successful, the customer may decide to open up the process to new potential service providers. In this scenario the customer will need to determine its (quite possibly revised) requirements and then essentially run the same process as for the original sourcing project. All of this comes with a financial cost but there are also other difficulties. It is not unusual for the incumbent service provider (if it is bidding) to believe it has a significant advantage over the other bidders because of its familiarity with the customer’s business. Possibly, the knowledge that a retender is planned, will prompt the service provider to revisit its offering before the process commences. Whilst a relatively informal process, this can prove “win-win” for the parties. The customer might receive an enhanced offering whilst the service provider

95) SOURCING REFERENCE GUIDE avoids the (not insignificant) cost of a full retender and may still end up with a more profitable relationship that it would have done after a full retender process. Insourcing Where the incumbent service provider is selected again following a retender process, business disruption will be negligible as there will be no need for transition. However, much like when a contract is renewed with the service provider on new terms, it is imperative that the service provider demonstrates it has the capacity to deal with any new/transformation requirements. If, following a retender, a new service provider is chosen, the incumbent service provider will need to provide exit assistance or transition services. This will raise similar concerns as for transition on an insourcing (see above) but with the added complication that incumbent service providers are understandably wary of transferring assets and knowhow to a competitor. Employee transfer legislation and employment terms should also be considered by the incumbent service provider as those individuals will, potentially, now be transferring to a direct competitor (see Chapter 13). Conclusion Apparent from the above is that each option has its advantages and drawbacks, and so the need of selecting the option which best suits the business needs of both the customer is of paramount importance. Contract renewal â– â–  â– â–  â– â–  The least costly process. Most suitable where the original sourcing is a success and its terms are still suitable for current requirements and conditions. Also chosen for some less successful sourcing relationships because it is the least expensive/disruptive of the three options. 95  |  Sourcing Reference Guide Attractive to customers where dayto-day control is critical. â– â–  Comes with an ongoing cost (e.g. staff). â– â–  For their part, new bidders may be of the opinion that the customer is merely attempting to negotiate a more favorable cost structure with the incumbent service provider and be unwilling to fully cooperate. New Or Incumbent Service provider â– â–  Transitional arrangements are key. â– â–  Retendering â– â–  â– â–  Service providers can benefit from transitional opportunities. The most involved and, initially, most costly process for both parties. Often used where long term cost savings and labour arbitrage are drivers and/or the relationship with, or performance by, the incumbent is poor. Ultimately, whichever one or more of these options is chosen, proper planning up front will support the full range of possibilities and give the customer enough information to make an informed decision. Public sector perspective In the EU, procurement law may also impact upon the insourcing. If a Contracting Authority has full control over the department carrying out services then procurement law is unlikely to apply. However, where there is only partial control there will be procurement law considerations (e.g., Teckal considerations) upon a retendering. One possibility is for the parties to agree to use the existing framework. However, there may be legal requirements for a bespoke procurement process (e.g., a bespoke OJEU procurement). Local Perspective A topical issue is a growing trend in local laws requiring an increased percentage of nationals in a business’ workforce. It may therefore be necessary for some businesses in particular jurisdictions to bring their operations in-house for legal or political reasons. (For example, in Gulf States such as the Kingdom of Saudi Arabia and the United Arab Emirates and in individual States; The Victorian Industry Participation Policy of Victoria Australia.) September 2014

96) SOURCING REFERENCE GUIDE 18. Governance Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits In a nutshell Governance is the overall process by which the service provider and the customer oversee and regulate their relationship. If a sourcing relationship is going well then it loses some significance. But if the project runs into difficulties a good set of detailed governance procedures can provide focus and help to facilitate resolution by imposing a pre-defined process upon the parties. There is no one size fits all set of governance practices. Essentially it is about relationships, information and change. Charging Models Tax The process Benchmarking and Continuous Improvement The governance provisions in any contract outline the framework within which the parties meet and report to discuss the progress (in implementation, performance or so on) and to resolve any commercial, operational or technical issues that might arise as part of the project. Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering The particular governance provisions required, and the level of detail, will depend upon (amongst other factors): â– â–  â– â–  â– â–  Governance In a nutshell The process Key issues Key Personnel Conclusion Services specific considerations Intellectual Property Dispute Resolution â– â–  â– â–  the level of co-operation required between the parties if the project is to be successful; the term of the sourcing agreement; the financial size of the agreement – the more that the customer is paying for the project the more likely it is to require a close working relationship (or at least reporting lines) with the service provider; the business criticality of the services being provided; and the degree to which the governance arrangements need to be compatible with existing customer governance structures and processes. Unsurprisingly, given that sourcing projects tend to be high value, long term commitments, are often business critical and require the parties to work together, the governance provisions within an sourcing agreement will be more comprehensive than in many other legal contracts. For some projects the governance framework will be fully developed and set out when the agreement is signed. Alternatively the sourcing agreement might specify a procedure under which formal rules can be established. These rules are then commonly embodied in a code of practice which details the operational and management processes by which the services are delivered but, as a document, is non-contractual. However, if a formal and robust arrangement is required, the former approach is recommended as best practice. 96  |  Sourcing Reference Guide

97) SOURCING REFERENCE GUIDE Key issues There is no standard list of items that should be covered by governance; the provisions will vary from project to project. However, some of the most common areas are listed below. Examples of records that should be kept (and kept up to date) include: â– â–  â– â–  Relationship structure Good communication allows the prompt identification and resolution of problems, building an atmosphere of mutual trust and appreciation of the other party’s priorities. The three principal levels of communication in a contractual arrangement are: Strategic Contract managers on both sides Operational Often the parties establish nominated representatives, boards, steering groups or committees. These may relate to specific tasks (e.g. transition; annual review; problem resolution) or to the general operation of the agreement (such as a project board). The parties should consider: â– â–  The remit/terms of reference of each body; Its constitution (members) and the process for changing members; â– â–  The frequency and locations of its meetings; â– â–  Setting of agendas and keeping of minutes; â– â–  â– â–  â– â–  Technical and frontline staff Communication should be peer to peer with routes for escalation where problems cannot be resolved. â– â–  â– â–  Senior management Business â– â–  Voting systems, quorum and handling of any deadlock; and Escalation route to any higher body. These relationship structures should have clear, seamless, links to the dispute resolution procedure. See chapter 20 (Dispute Resolution). Records The service provider is usually required to maintain records relating to the operation of the contract. 97  |  Sourcing Reference Guide â– â–  Copy of the sourcing agreement, as changed from time to time; Records relating to boards – current members, minutes, timetable for meetings; Asset registers; Operation and maintenance manuals prepared by the service provider for the purpose of providing the sourced services; Certificates, licences, registrations or warranties obtained by the service provider in relation to the provision of the services; Documents prepared by the service provider in support of claims for the charges; â– â–  Documents relating to the change control procedure; â– â–  Documents relating to the dispute resolution procedure; â– â–  Invoices and records related to sales taxes; and â– â–  Documents relating to insurances maintained under the sourcing agreement and any claims made in respect of them. The contract should include provisions about how, where, at whose cost and for how long such records should be kept and the process for the other party accessing the records. Ideally these requirements will take into account any document retention requirements; they should certainly reflect legal obligations such as those relating to tax records. Reporting The service provider will be required to monitor its performance, submitting reports to the customer at agreed intervals. As well as the service level reports which underpin the service credit regime (see Chapters 6 and 7; Service Levels and Service Credits), reports might cover progress, delay, tests, management information, insurances, security and force majeure event reports. The sourcing agreement will usually set out the agreed format for these. If not it will set up a mechanism for the parties to agree this early on in the service provision.

98) SOURCING REFERENCE GUIDE Change Change in a relationship as complex and long term as a sourcing relationship is often inevitable. The sourcing agreement will include robust provisions dealing with how changes are requested, agreed and controlled. Key issues covered by this process will include: â– â–  Appropriate processes for different kinds of changes; for example some changes may be operational whereas others will be contractual and will require a change to the terms of the contract; The key is for the parties to obtain the right balance between the sharing of information on the one hand and leaving the service provider to get on with providing the services on the other. By agreeing the processes up front then the project can run itself – objective mechanisms getting the parties through difficult moments by taking the heat out of potential disputes, giving early warning of potential issues and allowing their quick resolution before they become material. Services specific considerations The continually changing nature of sourcing arrangements has created now governance challenges: â– â–  Process for requesting, agreeing and rejecting changes; â– â–  Documentation to be used as part of the process; Model Challenge â– â–  Process for accelerating any critical changes; and Multisourcing â– â–  Cost of conducting the change process. Requires close interface between different agreements and results in higher governance effort. Managing the relationships becomes critical. If there are any shortcomings in governance arrangements the stress of attaining value across strategic and tactical service providers will result in strained relationships Outcomes driven Service provider governance becomes more important. Customers must learn to let go and cede more endto-end responsibility to their service provider. Customers should, therefore, focus more on the business outcome rather than the process by which the services themselves are provided. Cloud Demand management is critical. Customers expect “on demand” services and costs must be carefully controlled so that risk is managed and value is provided. The right to reject or mandate changes will be important and where there is exclusivity on either party then it will be critical. A customer who has granted exclusive rights to a service provider will need to have the right to require changes to be made or, if the service provider cannot achieve, the change then the customer should be released from the exclusivity commitment. Key Personnel Key personnel may be on the periphery of governance but can be important where the identity of the people supplying part of the service is important. If the contract was awarded through a competitive process then the customer will want to ensure that the best people remain dedicated to its account. Accordingly the customer may want to include key personnel provisions. These provisions will usually name individuals as part of the delivery team and the service provider will be required to ensure that they dedicate an agreed percentage of their time to the contract. The service provider is also usually required to obtain consent from the customer before changing a person in a key role (sometimes the other party will be able to vet persons nominated as potential replacements). Conclusion Whilst governance seems quite mundane, it is often critical to the success (or failure avoidance) of sourcing projects. 98  |  Sourcing Reference Guide Traditionally sourcing was conducted as “black box” – data was only disclosed during scheduled meetings and in periodic reports. However sourcing agreements are now embracing increased transparency with live data being provided in real time. This helps both parties to continually assess performance, identifying and resolving problems at the earliest opportunity. In this way the parties can achieve a mutually fruitful relationship – a “win win”. October 2014

99) SOURCING REFERENCE GUIDE 19. INTELLECTUAL PROPERTY Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection Introduction Ownership of intellectual property (“IP”) can present a sticking point when negotiating a sourcing relationship. This is particularly likely where the relevant services are technology-intensive and/or where, by relinquishing IP ownership, the service provider could be prevented from re-using resources for other customers. The significance of ownership or rights to use becomes starkly apparent at the other end of the sourcing cycle, when the project comes to an end and the customer wishes to resume control of the relevant services, or transfer them on to another service provider. The solution, therefore, is to address, at the negotiation stage, the rights that both parties will have not only during the contract term but also after it comes to an end. Only with such clarity can both sides be comfortable that their competing interests are appropriately protected. TUPE and Employee Issues This chapter: Termination Triggers â– â–  Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering Governance Intellectual Property Introduction Key commercial/negotiating issues Key categories of IP-rich items Local Perspective: Middle East Conclusion Dispute Resolution â– â–  examines the standard negotiating positions of service provider and customer; highlights some of the key categories of IP-rich items which should be borne in mind when negotiating sourcing agreements; â– â–  explains the arguments around ownership and use of each category; and â– â–  suggests how such arguments might be resolved. Key commercial/negotiating issues Negotiations around the treatment of IP in technology-heavy sourcing agreements frequently presents difficulties. Service providers typically argue that they should own the IP associated with fulfilling their obligations under the sourcing agreement. They argue that they will be providing a service, rather than specifically developing IP-rich deliverables for the customer, and so any new IP will likely be ancillary to these services. Accordingly, they will assert that they have the greater need to own such materials because the materials relate to their core business and are necessary for them to maintain their competitive advantage over other service providers. The typical customer response is that, in practice, deliverables focused on the customer’s specific requirements (as opposed to deliverables of a simply generic nature) may well be created by the service provider as part and parcel of the ongoing services. For example, there may be bespoke customer training manuals, technical documents, and interfaces which link the customer’s and service provider’s discrete IT systems. 99  |  Sourcing Reference Guide

100) SOURCING REFERENCE GUIDE These deliverables may provide the customer with its own degree of competitive advantage over its business rivals. Yet, whilst bespoke, they may still be capable of use independent of the service provider’s specific services. It is this concern which drives a customer to set up contract terms that prevent the service provider from extending the benefit of any such new developments to the customer’s competitors, be that immediately or at all. There accordingly follows the negotiation as to the demands of the customer and the competing concerns of the service provider. The service provider looks to avoid giving away ownership of its core commercial products and services to the customer, hopes to be able to re-use any newly developed materials in other sourcing arrangements for other customers, and wishes to minimise the chance of its “crown jewels” being leaked to its competitors. The customer, by contrast, looks to avoid becoming locked in with the particular service provider (as might happen if it becomes dependent on IP that the service provider has developed in providing the sourced services, but which the customer has no continuing rights to use if/ when the contract comes to an end). Key categories of IP-rich items In order to resolve the competing interests of customer and service provider, it is helpful to categorise the deliverables and other items involved in the sourcing relationship by reference to their IP. In all likelihood, once the sourcing services are in “steady state”, the service provider will deliver services to the customer using software and materials broadly falling into the following categories, each of which throws up different types of contractual and commercial challenges: New IP New IP is software and other IP-rich deliverables (for example, documentation) developed by the service provider for the customer specifically in order to provide the sourced services. (Agreements often refer to this “new” IP as “bespoke” or “project-specific” software and IP). 100  |  Sourcing Reference Guide For example, the service provider may be required to develop specific interfaces for the customer’s IT systems, or undertake “transformation” projects in respect of the customer’s existing IT estate, which the customer may expect to be able to continue to use and exploit even if its contract with the relevant service provider has come to an end. (“Transformation” projects are those where there is a distinct fundamental change to the way that the services will be provided, perhaps involving data being moved to a new operating platform.) The first discussion in negotiations will usually concern ownership of new IP. As already mentioned, the service provider’s view may be that since materials are simply “incidental” to the services, they should vest in the service provider. The service provider may equally point out that its ability to provide the best possible services to its customers is in large part dependent on it continuing to develop and enhance its knowledge base, tools and methodologies, and that this is best achieved by ensuring that it retains the ownership rights in any new IP so that this can be freely used on future client engagements. The customer will, in contrast, point out that it is paying for the service provider to develop the new IP and note that, were it to continue to provide the services in-house, it would own the new IP resulting from them, arguing that the sourcing relationship should not detract from this general principle. The customer may equally be concerned that some of the new IP may be specific to its business operations or give the customer something of a competitive edge, and so be concerned about the service provider immediately applying the benefit of any new developments to the customer’s competitors. There is no correct or “industry standard” outcome to this discussion. However, it is fair to say that the customer and the service provider always find a sensible compromise for their particular project which works for both parties. â– â–  Protocol to determine IP covered. Where the approach is taken to limit the customer’s ownership to new IP created “specifically and exclusively” for it, the parties should agree a specific protocol contemporaneously as to how this can be determined. This approach is far preferable to relying on the parties ability to reach some form of retrospective agreement

101) SOURCING REFERENCE GUIDE on the issue at some point in the future, when their relationship might be under some strain (for example, if the sourcing agreement is being terminated by reason of alleged breach). â– â–  â– â–  Licence back to service provider. Since the service provider needs to use the new IP to provide the services, the contract should in any event also include provisions by which this new IP is licensed immediately and automatically to the service provider. The terms typically limit the service provider’s right to use the new IP to the extent necessary for the service provider to provide the necessary services. Sourcing agreements often deal with this problem by carving out the embedded IP from the new IP ownership provisions. Rather than ownership, the customer is granted a perpetual, royalty-free licence to use the embedded IP, albeit limited to use within the specific deliverables or products in which it is embedded (so that it cannot be extracted and used in any wider context). â– â–  Continuing licence. Presuming that the customer owns the new IP, at the expiry or termination of the sourcing agreement, the service provider’s licence to use the new IP will come to an end (although it is sensible to allow the licence to continue while the service provider fulfils any handover requirements). It may, however, be possible for the service provider to obtain some form of continuing licence to use such materials. In return, the customer might seek to agree a reduction in the charges for the sourced services (in recognition of the added benefit the service provider is obtaining) or possibly some form of “gain share” or royalty arrangement. This continuing licence will probably be royalty-free, but is likely to also contain provisions to prohibit use by the customer or any replacement service provider for any other purpose. This is important for the service provider because it prevents the replacement service provider from commercially exploiting the embedded IP in any of its other sourcing projects (and indeed the customer from selling on the IP). Embedded or Background IP However, even this restriction may not be seen by the outgoing service provider as providing sufficient comfort or protection, particularly if the embedded IP can genuinely be said to be part of the service provider’s “crown jewels” (in the sense of being confidential, proprietary materials or products which genuinely differentiate the service provider from its competitors). The customer’s argument here will be that, even if this is the case, it must not effectively be deprived of the use of the deliverables which it paid to have developed (and which may not be capable of on-going use without the embedded IP), or else effectively be “locked in” to the continued services of the service provider. Embedded IP (sometimes called “Background” IP) is the pre-existing software components and IP in other materials which are embedded in, or integral to, the new materials or products developed for the customer. This would include, for example, sections of training manuals and technical documentation which are relatively standard (that is, have not been written specially for the customer) but which are included in the customer’s new bespoke manuals and documentation. It would also catch existing software which is embedded in the customer’s new software. It is a rare customer who will gain ownership of embedded IP, and yet it may well form a crucial part of materials in respect of which the new IP has been developed, and will likely be essential to its continued use (see “New IP” above). 101  |  Sourcing Reference Guide Continuing use. If (as is likely) the customer does not own the IP in the embedded pre-existing materials of the service provider, the sourcing agreement should expressly allow the customer to use it after the service provider stops providing the services. In fact, from the customer’s point of view, the scope of its licence to use embedded IP should ideally expand at that stage, so that not only can the customer bring the services in-house, but any replacement service provider engaged by the customer can also use the embedded IP. â– â–  Categorisation. Further, more explicit, categorisation of specific products or types of material may accordingly be required before both customer and service provider are comfortable with the likely position on contract termination or expiry.

102) SOURCING REFERENCE GUIDE Freestanding IP Freestanding IP means third party items such as off-theshelf software or identifiable products licensed separately from the service provider, which are fairly standalone and (in contrast with embedded IP) are likely to be easily replaceable. For example, the service provider may need to license third party “trouble ticket” handling software for use with a service desk function, but if the service provider’s agreement with the customer comes to an end, the customer could readily obtain its own licence for the same software. In most sourcing scenarios, use of freestanding IP is relatively straightforward to understand, negotiate and document. Service providers might well be placed under a contractual obligation to use off-the-shelf products wherever possible; this provides practical help at the end of the contract term by enabling the customer to arrange for replacement products relatively easily. The customer will expect: â– â–  â– â–  â– â–  The service provider to deal with any third party licences (either by arranging for the third party to license to the customer directly or by putting in place a sub-licence between the service provider and the customer); The cost of third party licences to fall within the scope of the general sourcing service charges (unless expressly agreed to the contrary); As with embedded IP, the licence rights to continue in sufficiently broad terms after the sourcing agreement itself has expired to keep the customer’s options open 102  |  Sourcing Reference Guide regarding the services. The key watchword in this regard is “transparency”, particularly in terms of any additional or changed licence terms which will then apply and with which the customer will need to comply. Associated IP Associated IP is software and other items developed by the service provider to enable the customer to receive the services or use deliverables provided to it (for example, the service provider may continue to enhance and develop its own software and materials so it can provide the services in a more efficient manner). Sometimes overlooked altogether in negotiations, associated IP is the category whose rights are the most hotly contested and where negotiations can grind to a halt. For example, what if a deliverable created for a customer is a freestanding product, but in order to be of any practical benefit to the customer it needs to link to some form of database maintained by the service provider on the service provider’s own systems? There is no typical or established way of dealing with these rights in sourcing agreements; ultimately, the parties will need to determine whether continued use of the service provider’s IP here is essential, or simply desirable. In any event, what will be key is ensuring transparency, so that the customer will at least have a clear picture of the true implications of deciding to discontinue its relationship with a particular service provider.

103) SOURCING REFERENCE GUIDE Local Perspective: Middle East Warning! Although there is a great deal of commonality amongst the various intellectual property laws of the world, differences at a national level can catch customers and service providers out. For instance, in much of the Middle East, there are rules that prevent the assignment of “future” copyright (that is, copyright in works that have not yet been created). This may be relevant when negotiating the ownership of both New and Associated IP in a sourcing contract, because an assignment entered into at the beginning of a project will not be effective to transfer copyright in work created by a service provider during that project. For example, under Kuwaiti and Saudi law, any assignment which purports to assign future copyright will be null and void. The United Arab Emirates has tried to offer a compromise position by permitting the assignment of up to five future works, but the concept of a “work” may itself be ambiguous in the context of a sourcing project where, for example, successive iterations of software code might be created by a service provider. Either way, where the party which will own the rights in the New or Associated IP is not the party creating the works, the “owning” party will require the benefit of an on-going obligation to assign any IP which is created by the other party. Best practice dictates that an assignment (which will need to be in both English and Arabic) should be entered into, either annually, or after each significant piece of IP is created. To ensure that the intended ‘owning’ party is not left without a right to use the relevant “work”, the above law also requires that the IP is licensed from the “creating” party to the “owning” party during the period between its creation and assignment. This can lead to fairly complicated cross-licensing arrangements, where the same IP is created, licensed from A to B, assigned to B, and then licensed-back to A. Another point to bear in mind in these circumstances is that the rules about employees’ IP differ significantly in the Middle East from those of the UK. For example, in the UAE, the basic rule is that the author will be the first owner of any copyright, irrespective of any employment relationship. Finally, in the event that enforcement action is taken, bear in mind that many GCC courts will require that copyright is registered before it can be enforced. This means that no claim about any unauthorised use of (for example) New IP by a service provider may be brought unless the copyright subsisting in the New IP has first been registered. There may, of course, still be a claim for breach of contract in these circumstances. Conclusion Rights attaching to intellectual property are often a source of tension in sourcing negotiations. However, it should be possible to reach an agreement which is satisfactory to all provided that two conditions are satisfied: namely that both parties: â– â–  understand, and can identify, the different types of IP rich items which will underpin their particular sourcing project; â– â–  appreciate that IP ownership is often not necessary to achieve their aim. November 2014 103  |  Sourcing Reference Guide

104) SOURCING REFERENCE GUIDE 20. Dispute Resolution Foreword Sourcing Structures Sourcing Agreement Structures The Services Description Offshoring Timing, Delivery and Delay Service Levels Service Credits Charging Models Tax Benchmarking and Continuous Improvement Compliance Data Protection TUPE and Employee Issues Termination Triggers Exit Management Subcontracting: Risk, Liabilities and Managing the Relationship Secondary Sourcing: Contract Renewal, Insourcing and Retendering In a nutshell When negotiating a sourcing agreement, there is a temptation to focus on constructive elements such as delivery and payment. However, it is a rare sourcing project which encounters no difficulties at all, and it is important for the supporting agreement to include clear mechanisms for the resolution of any disputes which do arise. Though often regarded as a “boilerplate” clause, dispute resolution provisions are by no means standard. A variety of mechanisms exist and the parties should actively consider which are the most appropriate for their particular project. If the parties get it right, then these clauses can: â– â–  â– â–  facilitate the cost-effective resolution of minor disputes in a way which minimises the risk of bad feeling; and provide clarity as to the process to be followed should a more serious dispute arise. If the parties get it wrong, the consequences can be time-consuming and costly. Common mechanisms for sourcing relationships include: Formalised negotiation Negotiations between the parties, often escalating up each party’s reporting chain if resolution is not reached. No third party is involved and whatever resolution the parties agree is non binding (unless a settlement is agreed and recorded in an agreement signed by all parties.) Mediation Enhanced negotiation where a neutral third party helps the parties to explore options to resolve the dispute. Also non- binding (unless a settlement is agreed and recorded in an agreement signed by all parties). Expert determination Referral to an expert for a (usually) binding determination. Generally used to resolve technical issues. Litigation Use of the formal court system. Generally, a public process with a binding outcome. Arbitration A private formal process based on a contract and with a binding outcome. The dispute is resolved by one or more arbitrators. Popular for international contracts, often because of the benefits associated with cross border enforcement. Governance Intellectual Property Dispute Resolution In a nutshell  Overview of a dispute resolution process  Common dispute resolution mechanisms Governing law and jurisdiction  Commercial and practical considerations for dispute resolution mechanisms  Managing Dispute Resolution throughout the life of the Project  Local Perspective: Dubai Conclusion 104  |  Sourcing Reference Guide

105) SOURCING REFERENCE GUIDE Each mechanism is explained in more detail in the remainder of this chapter. Overview of a dispute resolution process The dispute resolution procedure set out in a sourcing agreement usually contains within it a number of mechanisms to be followed consecutively. The hope, of course, is that resolution is facilitated by the first mechanism; if not the mechanisms become more formal and time consuming as the procedure is followed. For the majority of large sourcing agreements the procedure will comprise: Negotiation – escalating within the parties’ organisational structure Alternative dispute resolution “ADR” (such as mediation) Under most legal systems, it is not compulsory for parties to explore Alternative Dispute Resolution (ADR) before commencing formal proceedings. However, many courts encourage and/or expect the parties to do so and can penalise a party if it has unreasonably refused to engage in ADR. For example, the English court can impose cost penalties and in Australia some courts will force the parties to mediate after formal proceedings are instituted but before trial. In Dubai the local courts require certain claims to be referred to the Dubai Centre for Amicable Settlement of Disputes before proceeding to Court, particularly where the claims are of small value. Common dispute resolution mechanisms Negotiation Many disputes are resolved by sensible negotiation between the parties. This will often happen without the parties giving any thought to the formal dispute resolution processes recorded in their sourcing agreement. The potential “claimant” in any dispute should, however, think carefully before holding discussions without the dispute resolution clause having been formally invoked. Such an “informal” approach risks an uncooperative “defendant” insisting on formality later simply as a device for slowing down the whole process. Dispute resolution procedures commonly provide for a structured negotiation process as the first mechanism within the formal resolution process. This negotiation process usually involves senior individuals from each 105  |  Sourcing Reference Guide Formal dispute resolution – litigation in a national court or arbitration party who are not directly involved in the project and therefore hopefully able to consider the dispute in a less impassioned and more commercial manner. The mechanism may also contain an escalation process by which negotiations start at mid-management level, are then referred to senior managers and, ultimately, can escalate to executive level. Specific timeframes should be imposed to increase certainty, but in practice parties may agree on appropriate deadlines at the time to suit the nature of the dispute and the availability and commitments of those who are to consider the issues. This can be a flexible and cost effective way of resolving disputes, especially those which are not critical to the delivery of the project. Each party will ideally wish to stop the other being able to refer, in any possible future formal legal proceedings, to oral or written communications that might have taken place as part of the negotiations. This means that, for English law governed contracts and those of many other jurisdictions, commercial discussions which have as their purpose a genuine attempt to resolve disputes or settle claims (whether in accordance with a formal dispute resolution procedure or otherwise), should be conducted on a “without prejudice” basis. Alternatively they might be conducted on a “without prejudice save as to costs” basis; so that evidence of previous negotiations may be introduced in court proceedings but only in respect of disputes concerning the costs of those proceedings. Parties should be aware, however, that in some jurisdictions, such as Dubai, “without prejudice” communications are not necessarily protected from disclosure to local courts.

106) SOURCING REFERENCE GUIDE Facilitative Mediation Facilitative mediation is essentially negotiation enhanced by an independent third party, the mediator. He or she helps the parties to reach a negotiated settlement but does not adjudicate or make a binding decision. The mediation itself can follow various forms depending on the preferences of the mediator and the parties. Typically there will be an initial plenary meeting and opening statements by the parties followed by private meetings, break-outs and further plenary meetings. Mediation often leads to a successful resolution of the dispute. Even where this is not the case, it can result in the parties finding common ground which will increase the prospect of a negotiated resolution in the following days or weeks. Mediation can also provide the most positive of outcomes as it can preserve the relationship between the parties and enable the project in dispute to continue. This is partly because mediation affords the parties the flexibility to explore solutions which go beyond the scope of a possible court/arbitrator’s decision (as the latter is restricted to giving a binary answer to specific questions put before it). This flexibility can even result in a win-win situation with the parties reaching an arrangement which benefits both of them. Sourcing projects often state that the parties should attempt to resolve disputes by mediation if possible and in England this is one of the most common mechanisms used by parties to resolve their disputes. Mediation may therefore be conducted at an early stage in the dispute resolution process, before the commencement of formal legal proceedings. Equally, parties to a dispute may agree to attempt to reach a settlement by way of mediation after legal proceedings have commenced and the court often encourages parties to attempt to do so with possible cost consequences for unreasonable refusal. Advantages Disadvantages Fast (most last one day) and cost‑effective. If settlement is not achieved there will be wasted costs and delay. Can help parties preserve their relationship and agreements reached through mediation are more likely to be complied with voluntarily. Non-binding – but if a settlement is reached the contractual settlement agreement will be binding. 106  |  Sourcing Reference Guide Parties retain control (no judge or arbitrator) and the process can be tailored to the needs of the parties and so avoid a binary outcome. Can be seen as a “quick and dirty” way to resolve disputes (may or may not be a disadvantage). Without prejudice – (subject to the applicable law) parties can have a free and frank discussion. Can be used before or after litigation/arbitration has begun. Confidential (provided, in some jurisdictions, the parties agree to this). Expert Determination In expert determination, an independent third party is appointed who usually makes a final, and binding, determination of the issue. Experts tend to be used in an IT context for resolving technical matters (for example, to determine whether software meets its specification). Much less commonly, the parties to an agreement put in place a non-binding expert determination. While this may at first appear a curious approach to take, as it loses the benefit of certainty that a binding determination provides, it can at least provide serious negotiating leverage to the successful party. Clearly, though, this approach is not desirable as part of a fast track approach within an overarching dispute resolution process because the lack of certainty inevitably delays the outcome. Expert determination is an informal process (compared with litigation or arbitration) and is not subject to fixed rules of evidence or procedure. Despite being common in many IT sourcing agreements, it has a number of drawbacks and so is rarely used in practice; see the reasons given in the table below.

107) SOURCING REFERENCE GUIDE Advantages Disadvantages Generally it is a quick and cost‑effective private process. High risk because of the absence of due process (the expert is not, for example, bound to analyse the evidence and submissions of the parties). Parties normally control the timing and procedure. Process is not subject to the legal safeguards and standards of fairness that exist in arbitration or litigation. The contract will often leave much to be agreed which can introduce delay to the process. It sometimes allows the parties to dispense with the need to appoint their own technical experts (leading to cost savings). The parties may still want to appoint their own experts/expert consultants in any event, particularly where there are very technical issues to be resolved. As such, perceived costs savings can prove illusory. Suitable on large projects where quick decisions on technical issues are required so that the parties can carry on and avoid delay and the risk of lasting damage to their relationship. Parties are very much in the hands of the expert because of the (usually) final nature of the determination. The expert is not required to give reasons for his/her decision. Good experts are not always available. There is no convention for the enforcement of expert determinations in different jurisdictions. 107  |  Sourcing Reference Guide Litigation Most sourcing agreements specify either litigation or arbitration as the final mechanism in the dispute resolution process. Where the agreement is silent on this issue, litigation will be used. Litigation is a structured process and the steps to be taken vary from one country to the next. Some jurisdictions have an adversarial system (such as England & Wales, Australia and the USA). Others have a more inquisitorial system in which the parties are expected to adopt a more cooperative approach (most European and Middle Eastern jurisdictions). However, in all cases litigation can be a lengthy and expensive process which takes up a considerable amount of the time of the individuals from each party. Whilst parties try to avoid litigation where possible given the time and business disruption which it can involve, it has the advantage of leading to a final impartial decision which is binding on the parties. Arbitration Arbitration is the resolution of disputes through a private contractual process where the dispute is resolved by one or more arbitrators. Though private, it is nonetheless formal and binding. It is usually conducted according to the rules of a recognised arbitral institution. Arbitration can have certain benefits over litigation before a national/state/federal court, but equally there are a number of reasons why litigation may be preferred. The parties should consider the benefits of each process when determining which to adopt in the dispute resolution clause. The respective benefits of each is set out in a table below but arbitration can be particularly attractive where the customer and service provider are based in different jurisdictions and wish to have disputes resolved in a neutral venue.

108) SOURCING REFERENCE GUIDE Litigation or arbitration? Litigation Arbitration Confidentiality Generally public. Can be confidential. Nature of proceedings Formal. As formal as the parties wish. Choice of decision maker Parties cannot choose the judge but cases may be allocated to specialist courts. Parties can choose the arbitrator(s) to match the experience to the dispute. Flexibility Relatively inflexible procedure. Flexible procedure. Duration Duration depends on the jurisdiction. Length varies. There is scope for one of the parties to try to slow matters down as arbitrators are often keen not to be seen to favour one party over another prior to the final hearing. Appeals Appeals are common and may lengthen the procedure and lead to greater uncertainly. Appeals/challenges are more limited leading to greater finality. Disclosure Can be time consuming and costly under certain legal systems (eg England, USA and Australia). Usually more limited scope for document production. Costs Many variables. May be cheaper for complex disputes. Courts and judges are free or have nominal associated costs. Many variables. Not necessarily cheaper than litigation but can be – parties must pay for venue, arbitrators’ time and expenses and administration costs if using an institution. Control One party can compel the other party to participate. Consensual process. Summary determination Disputes with no viable defence can be disposed of quickly – e.g. debt recovery. No effective procedure for disposing of cases summarily. Multi-party proceedings Third parties can be joined to court proceedings if subject to the jurisdiction of the court. The right to arbitrate derives from the arbitration agreement and there is generally no power to join parties unless all the parties and the third party agree. Precedents Judgments can be useful in common law jurisdictions to establish the meaning of a standard form of contract. Arbitration awards are usually confidential to the parties and although persuasive do not give rise to binding precedents, but they should follow the underlying law (and its legal precedents, if applicable) stipulated in the contract. Enforcement Enforcement (where the debtor may have its assets) may not be straightforward in other jurisdictions. The New York Convention on the Recognition and Enforcement of Foreign Awards provides an extensive enforcement regime for international arbitration awards. 108  |  Sourcing Reference Guide

109) SOURCING REFERENCE GUIDE Governing law and jurisdiction No chapter about disputes would be complete without mention of the importance of the governing law and jurisdiction clauses which form part of the sourcing agreement. Governing law means the law applicable to the interpretation of the contract and the determination of any dispute between the parties (eg German law; the law of a particular state or territory such as Victoria in Australia). The jurisdiction clause identifies the courts (or other decision makers) able to hear the dispute between the parties. Jurisdiction can be exclusive or non-exclusive. â– â–  â– â–  Exclusive jurisdiction – the parties intend that the courts of no other country/territory/state should accept jurisdiction. Non-exclusive jurisdiction – the chosen court has jurisdiction but each party still has the right to commence proceedings in any other court of competent jurisdiction. This allows each party maximum flexibility. Ideally the system of law that is to govern the contract should be the same as the dispute resolution forum (e.g. French law heard by a French Court). In Australia the parties will almost always submit to the non-exclusive jurisdiction of the courts in the State/Territory of the governing law. Commercial and practical considerations for dispute resolution mechanisms In determining the best form of dispute resolution procedure to utilise, it is important to take into account the nature of the project, as the appropriate procedure 109  |  Sourcing Reference Guide will vary from one arrangement to the next. For example, a simple dispute resolution procedure allowing for, say, mediation may suffice for a relatively straightforward back office processing function for a small business. A more complex, technically heavy project, such as the implementation of a CRM system for a multi-national, heavily customer facing organisation, may benefit from a far more comprehensive dispute resolution procedure involving layers of escalation and expert determination. It is nevertheless key to any arrangement that the dispute resolution procedure is clear, unambiguous and capable of being used for the determination of any foreseeable disputes. Further, as sourcing contracts are usually intended to be long term arrangements which will inevitably develop and change over time, it is important that sufficient flexibility is built into the dispute resolution procedure to ensure that it remains workable and appropriate as such changes occur. Managing Dispute Resolution throughout the life of the Project A strong working relationship and a high level of trust and co-operation between the customer and the service provider are key to the success of a sourcing project and it is vital that any disputes that may arise are resolved as quickly and efficiently as possible. If any disputes cannot be resolved through simple negotiation, the parties should keep in mind the agreed dispute resolution procedure – if the working relationship is good, they can agree to apply appropriate flexibility to those procedures; if the relationship is strained, the dispute resolution procedure can be followed more rigorously.

110) SOURCING REFERENCE GUIDE LOCAL PERSPECTIVE: DUBAI Dubai, one of seven Emirates that comprise the United Arab Emirates (UAE), offers a wealth of dispute resolution choices to businesses both in the Middle East and beyond. Unusually for the region, Dubai boasts both a civil law “on-shore” court system and a common law “off-shore” jurisdiction, the Dubai International Financial Centre (DIFC), both of which offer businesses a variety of dispute resolution mechanisms, including litigation and arbitration. Courts may apply UAE law, irrespective of the contract’s terms); â– â–  â– â–  Dubai “On-shore” Courts Contracting parties should think carefully before providing Dubai law and Dubai Courts in the dispute resolution and jurisdiction clauses of their contracts. Civil and commercial proceedings in the on-shore Dubai Courts are conducted in Arabic under a civil law system. There is no requirement for lower courts to follow the rulings of higher courts and few judgments are made publicly available. Judges of the Dubai Courts are drawn from a variety of Arabicspeaking jurisdictions and there is a tendency for the courts to refer cases to expert accountants and rely heavily on reports produced by such experts. It is therefore difficult to predict how the Dubai Courts will adjudicate a particular case. The three tiers of Dubai Courts with, in broad terms, automatic rights of appeal, mean that parties can expect disputes to take approximately three years before they are finally resolved. Further, a successful party is unlikely to be awarded more than a token amount in compensation for its legal fees. DIFC Courts The DIFC is a financial free zone with its own civil and commercial laws and courts. Since 2011, the DIFC has been an “opt in” jurisdiction, allowing contracting parties to include DIFC Courts jurisdiction clauses in their agreements, regardless of whether they have any connection to the DIFC. The DIFC Courts have several features that international businesses may consider attractive when compared to on-shore Dubai Courts. These include: â– â–  â– â–  the language of the DIFC Courts is English, rather than Arabic; DIFC Courts apply the law governing the contract in question (whereas there is a risk that on-shore 110  |  Sourcing Reference Guide â– â–  â– â–  in the absence of an express governing law clause, the DIFC courts will apply DIFC law, a common law system based primarily on English law; DIFC Court procedures follow the Civil Procedure Rules used by English Courts, offering a forum with long-established procedures supported by legal precedents; DIFC Courts have the discretion to order that the successful party will receive some or all of its costs from the unsuccessful party; and Memoranda of understanding and guidance with certain foreign courts including the London Commercial Court, the Federal Court of Australia and the High Court of Kenya mean that judgments of the DIFC should be enforceable in some foreign jurisdictions (as well as within the region) with relative ease. Arbitration in the DIFC The DIFC has its own offshore arbitral body, the DIFCLCIA Arbitration Centre, and boasts its own arbitration law based on the UNCITRAL Model Law. Arbitral awards ratified by the DIFC Courts can be enforced onshore in the Dubai Courts (and vice versa) without any further review by the Dubai Courts. The DIFC Courts also have far narrower grounds of refusal to recognise and enforce arbitral awards than the Dubai Courts. Once an award is recognised, the DIFC Courts will issue an order that can be enforced through the Dubai Courts. Importantly, the Dubai Courts have no jurisdiction to review the merits of a DIFC Court judgment or order prior to its enforcement, and once enforced the order will have the same status as an order of the Dubai Courts. Further, following certain procedural formalities, the order becomes enforceable in the execution courts of the other Emirates under Federal Law and in other countries that are party to applicable enforcement treaties such as the Riyadh Convention. The enforcement of foreign arbitral awards in the DIFC is subject to the provisions of the New York Convention.

111) SOURCING REFERENCE GUIDE Arbitration in “On-shore” Dubai Arbitration in Dubai is often conducted under the auspices of the Dubai International Arbitration Centre (DIAC) – an arbitration centre that is by far the busiest in the region. Whilst the promulgation of a Federal UAE Arbitration Law has been mooted for a number of years, the absence of such a law at present can present challenges. Those considering including arbitration clauses where the seat of the arbitration is Dubai should be aware that enforcement of domestic awards continues to be governed by the UAE Civil Procedure Code (CPC). As a result, awards may be vulnerable to spurious Conclusion The ideal dispute resolution procedure will work effectively and efficiently to resolve issues and disputes as quickly and as fairly as possible. The nature of the arrangement and the circumstances of the parties will be significant factors in deciding on the best way for the dispute resolution procedure to be structured for any particular sourcing relationship. DECEMBER 2014 111  |  Sourcing Reference Guide procedural challenges. Additionally, a losing party has two levels of appeal, and the enforcement process can be lengthy, taking up to 24 months. When enforcing foreign arbitral awards, the UAE courts should only apply the requirements of the applicable convention, rather than the CPC. The New York Convention was signed and ratified by the UAE in 2006 but the UAE also has bilateral treaties with many jurisdictions, including Somalia and Sudan – two countries that had yet to ratify the New York Convention. The UAE has also entered into a number of multilateral treaties that relate to the enforcement of arbitral awards such as the Riyadh Convention and the Gulf Cooperation Council Protocol.

112) SOURCING REFERENCE GUIDE This information is intended as a general overview and discussion of the subjects dealt with. The information provided here was accurate as of the day it was posted; however, the law may have changed since that date. This information is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper is not responsible for any actions taken or not taken on the basis of this information. Please refer to the full terms and conditions on our website. www.dlapiper.com DLA Piper is a global law firm operating through various separate and distinct legal entities. Further details of these entities can be found at www.dlapiper.com Copyright © 2014 DLA Piper. All rights reserved.  |  DEC14  |  2848825