About to outsource your IT? Read this first

Some of you just might be changing suppliers soon

Intelligent flash storage arrays

Whenever a major service provider runs into financial difficulties it is undoubtedly an extremely unsettling period, not least for the workforce, customers and management.

Tough decisions need to be made in very tight timeframes which often don't allow much time for strategic planning. Financial distress is one of the ever-present risks in outsourcing. Much like geopolitical risks, data breaches and service failures, it is impossible to contract against them.

A customer needs to assess the best procurement strategy to manage these inherent risks and should plan (and price) for some of the risks to materialise.

Outsourcing, by its very nature, involves a transfer of functions from a customer to a supplier. This can lead the customer to lose detailed knowledge relating to the processes involved in delivering those services, particularly in long-term contracts.

For example, UK government spending statistics show a remarkable concentration on a relatively small number of major suppliers: about 80 per cent of central government’s ICT work is undertaken by 18 suppliers.

Many of the contracts are for a government body’s entire infrastructure. Public-sector staff, together with their knowledge and skills, physical networks and infrastructure, are all transferred to a supplier, effectively locking the government customer into a relatively small number of long-term contracts.

There is nothing inherently wrong with this - concentration of resources can produce economies of scale, although they inevitably carry increasing risks in the post-credit crunch world. When a financially distressed supplier effectively disappears, there is unlikely to be anyone in-house to take up the reins.

How can customers protect themselves?

There are a number of contractual protections that customers can include to try to mitigate (if not eliminate) risks of supplier distress. At the simplest level, these include rights to terminate on the occurrence of events ranging from the appointment of an administrator or other insolvency practitioner through to a failure by the supplier to pay any of its debts when they are due. The customer's protections always need to be balanced with supplier's need to be able to run its business without excessive interference.

Know your supplier

Detailed contract terms dealing with the supplier’s financial health should be included where a contract is particularly high-value and/or business critical for the customer, or where it represents a significant proportion of the supplier’s annual turnover, particularly when the supplier is new in the market or taking on contracts that are larger than it might normally do. Typically, increasing levels of supplier financial distress result in more extensive remedies being available to the customer.

For example, a first level of financial distress (measured by a fall in credit rating or pre-agreed financial ratios) might result in more stringent reporting requirements and a requirement to provide a service continuity plan. Further deterioration might require the supplier to establish a financial distress escrow account into which sums owed by the customer to the supplier are paid. Payment out of the account is then prioritised – usually to subcontractors and other parties that have a direct impact on the performance of the contract first, followed by the supplier.

These measures often apply to other members of the supplier’s group, particularly where the group structure is large or complex. The contractual provisions rely on the customer, or its financial advisers, undertaking adequate financial due diligence at the outset. Any deterioration in the supplier's financial position should be monitored closely throughout the term, although there will inevitably be some degree of time lag in any reporting mechanism. Customers should look out for the typical early warning signs, which often include a sustained drop in service levels, the supplier failing to pay subcontractors on time (or at all), or an unusual delay in publication of the supplier’s annual accounts. Significant obligations should also be backed up by financial and/or performance guarantees from a financially sound parent company.

Examine the supply chain

Outsourcing often involves a complex supply chain of sub-contracts. Customers should ensure that any sizeable contracts with third parties can be transferred to the customer or a replacement supplier. It is also helpful where the outsourcing agreement gives the customer a right to enter into direct agreements with (key) sub-contractors. This can be useful where there is a risk that a sub-contractor will walk away due to non-payment by the supplier, particularly where that subcontractor delivers a sizeable proportion of the services.

Know your rights

Outsourced services may be delivered using a range of tangible and intangible assets. A common customer concern is the danger of being locked in to a supplier’s proprietary solution. The customer should ensure that the agreement clearly identifies the types of intellectual property being used. If new software is being written specifically for the customer, the source code should be placed in escrow to be released on the occurrence of insolvency-related events.

This should be accompanied by rights to use the supplier's software for at least as long as it takes to transition to an alternative technology platform – whether provided in-house or by a replacement supplier. Similarly, the rights to any software provided by third-party vendors should be capable of being transferred to the customer or a replacement supplier.

If the services have been outsourced for the first time, a supplier may take on existing assets used by the customer to deliver the services in-house. These may be supplemented by the supplier’s own assets. The customer should ensure that it has an option to purchase the hardware on termination – at a fair market value to reduce the risk that a liquidator might be able to disclaim that right – and should restrict the extent to which the supplier can give security interests or other rights in that hardware to anyone else.

These provisions should be negotiated at the outset of any outsourcing deal - by the time an insolvency practitioner is appointed the customer will be in a weak position to negotiate rights to assets which may need to be retained in order to sell the business as a going concern. Where the supplier is using the infrastructure to provide services to other customers, things can become more complicated and it is not simply a matter of buying back and removing the assets from the supplier's premises.

Start (and manage the contract) with the end in mind

A planned exit, managed over a reasonably long period of time towards the end of the term, is much easier to manage than an emergency exit triggered by a particularly serious breach of contract or insolvency.

When a supplier is in financial difficulties and insolvency practitioners are involved, this adds yet further layers of complexity. Exit from a supplier should therefore never be an isolated exercise in its own right. It should be looked at in parallel with day-to-day contract management and information requirements (for example, reports on service levels, assets, IPR and work in progress) and (continuous) knowledge transfer provisions, which apply throughout the term.

More fundamentally, the potential for supplier distress should be one of the key factors to bear in mind when formulating a coherent procurement strategy. Is there over-reliance on one supplier, what are the alternatives, and how long would it take to procure replacement services? ®

Huw Beverley-Smith is a Director in the Technology and Outsourcing Law Group at Field Fisher Waterhouse LLP in London, where he advises customers and suppliers on major technology procurements, outsourcing projects and the protection and exploitation of intellectual property rights.

Internet Security Threat Report 2014

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story


Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.