Clause and effect – a legal guide to offshoring

Offshoring can bring substantial business rewards, but any organisation looking to outsource operations to a third-party supplier should be aware of the risks involved.

The challenge facing anyone tasked with managing an offshoring relationship is to ensure these risks do not jeopardise business continuity, service quality, competitive position, compliance with law and regulation, and brand reputation.

A balanced commercial relationship and good governance remain cornerstones of a successful offshoring arrangement.

Both should underpin the detailed agreement that the offshoring customer and its third-party supplier reach.

In this agreement, the customer should address each of the risks it faces to maximise the rewards from the offshoring deal.

What is the best way to achieve business continuity?

From the outset, business leaders engaging in offshoring need to insist on processes that will ensure the availability of mission-critical operations in all circumstances. It is vital, therefore, that they set out in the contract the service provider’s obligations during both the transition and implementation phases.

Usually this means the offshore supplier has to achieve a set of planned key milestone events, such as the development, build, testing and rollout of software. If the supplier fails to meet the milestone dates, it has to pay compensation ­ – perhaps in the form of liquidated damages ­ to the customer for any losses suffered as a result of the delay.

Other contractual protection mechanisms include remediation procedures and step-in rights, which can be triggered if the supplier does not properly perform the services. If these contractual mechanisms prove unsuccessful, the customer’s ultimate remedy is to terminate the contract and appoint another supplier –­ either offshore or onshore –­ or bring the provision of the offshored services back in-house.

What can be done to maintain high quality of service?

One of the customer’s primary concerns should be to ensure that the offshore supplier maintains the same, or achieves an improved, quality of service. This is especially important when the service in question is crucial to the business’s performance.

Offshore outsourcing makes this risk particularly acute because the transfer of control over the services to the supplier from the customer often occurs over a great geographic distance.

The contract should be used to identify critically important areas of the services and key performance indicators. Service-level agreements (SLAs) should be imposed to ensure desired levels of availability and quality are achieved. The customer can also exercise its rights to claim service credits in order to encourage compliance with the SLAs.

Customers that outsource to an offshore supplier may also have concerns about the cultural fit and experience of their supplier, and performance management provisions can assist the customer to address these concerns. For example, imposing English language fluency service levels on call centre operators in India may allay concerns about customer service.

How can intellectual property be protected?

A necessary evil of offshore outsourcing is that the supplier will invariably require access to the customer’s crown jewels –­ its intellectual property and confidential information ­ in order to provide the offshored services. The supplier will have an opportunity to become very familiar with the workings of the customer’s intellectual property and this creates a number of risks for the customer.

The customer needs to avoid allowing the service provider to exploit its intellectual property for any purpose other than providing the services. The customer must also make sure the same restrictions are cascaded down the supplier’s supply chain to any of the supplier’s sub-contractors.

A combination of restrictions in the contract will achieve robust protection for the customer. These restrictions comprise:

• Licensing provisions that govern the service provider’s use, both of the customer’s intellectual property and of any intellectual property specifically developed as part of the outsourcing arrangement, for example bespoke software;

• Confidentiality provisions, that list all types of confidential information and govern the non-disclosure of that information;

• Restrictive covenants and non-solicitation provisions –­ these may include preventing the supplier poaching any customer employees for their expertise.

How can an offshoring customer ensure compliance with laws and regulations?

Business leaders engaging in offshoring cannot duck their compliance obligations. They must spell out in the agreement that the supplier has to provide services in accordance with all applicable laws and regulations as well as any industry standard codes of practice.

For example, European data protection laws apply to British outsourcing contracts. The customer must ensure it covers its responsibilities under these laws in the contract.

In particular, the customer must make sure any personal data being transferred out of the European Economic Area receives the same level of protection that it would have under EU law. For example, India does not yet have a law that equates to the UK’s Data Protection Act. However, customers sending data to India-based services providers can insist European data protection rules are incorporated wholesale into the agreement.

Organisations operating in a regulated environment, such as financial services firms, must ensure that the outsourcing arrangement meets the requirements of regulators such as the Financial Services Authority.

It is up to the supplier and the customer to agree the extent to which the service provider can and will execute the customer’s regulatory duties, but ultimately it is the customer’s responsibility to ensure that those duties are met.

What are the biggest reputational issues?

In the current climate, where breaches of information and data security are almost daily news, there is real reputational risk for customers whose suppliers breach confidentiality obligations, lose data or damage a database or processing system.

All offshore outsourcing should impose obligations on the supplier in relation to data security and confidentiality.

The contract should also include a restriction on the extent to which the supplier is entitled to publicise the deal. In the current economic climate, unemployment is becoming an increasingly emotive topic, and given that redundancies are often an unfortunate consequence of offshore outsourcing, the less publicity surrounding the deal, the better.

Successful offshore outsourcing is achieved by balancing risks with rewards. If executed properly, an offshore outsourcing deal can deliver significant business benefits. But if not, the damage could be permanent.

Garfield Smith is a partner and Suzanna Grundy a solicitor at international law firm Pinsent Masons