What Does the SOX Say?
U.K. Court of Appeal’s Award of Compensation for Distress to an Individual Following a Breach of the Data Protection Act: Opening the Floodgates for Claims by Individuals?
Joshua Konvisser Discusses Privacy Issues Raised by BYOD Policies
Risk Is ExpensiveRisk is expensive when you unload too much of it on your supplier. While it might feel like you’ve “won”, typically an imbalanced risk allocation will only serve to hurt both parties in the end.
For mature outsourcing market segments like IT Infrastructure and Applications Development, and for some BPO horizontals, market practices for allocating commonly encountered risks have emerged. Sometimes these practices are captured in what has become “boilerplate” contract language, and sometimes there is an unstated understanding among experienced practitioners that only becomes apparent through the give-and-take of negotiation.
Market Practices for Risk Allocation and Their Exceptions
Risks that are now generally addressed through market practice include IP infringement, employee claims, misuse of confidential information, failures caused by third parties and force majeure events, damages resulting from transition or system implementation delays, and general limitations (subject to exceptions) on consequential damage recovery. In most contract negotiations, parties move quickly to allocate these and other risks consistent with market practice. But there are exceptions:
- Special Deal Situations. Break-through deals that do not fit neatly into established market practice; examples include IP infringement risks for new technology involved in the transaction or joint venture, and multi-supplier solutions or situations where the supplier is expected to exercise a high degree of control (and therefore be subject to a higher degree of accountability) over a wide set of processes and service delivery providers.
- Evolution of Practices Due to External Change. Changes in the business or regulatory environment within the customer’s industry that require adjustments to existing market practice; for example, privacy breaches have become a focal point in negotiations as parties seek to allocate liability for recovery, remediation and notification costs arising from a supplier-caused unauthorized release or disclosure of personal information.
- Commercial Deal Points. Those terms that reflect a customer’s commercial risk appetite that are negotiated based on the parties’ relative bargaining power, as well as any price premiums built into the deal; examples include exchange rate and inflation risk, and damage to the customer’s business as a result of service interruptions and errors.
Loading the Supplier with Risk Is Not the Answer
Pillsbury’s vast deal experience gives clients a substantial advantage in negotiating a rational balance of risk between parties. We take a very practical approach to negotiating risk, taking account of:
- The importance of the particular issue to our client and its business
- The significance of the risk (probability of occurrence, severity of consequences)
- The party (if any) most likely to be at fault
- The party that can best manage and reduce the risk
- The party best positioned to address the consequences (remediation effort, insurance coverage, workarounds )
The goal of the negotiation is not to “stick the supplier” with all the risk. A well-negotiated contract results in an economically efficient risk allocation – one that results in net risk reduction for the transaction, based on the proper incentive model, without creating unnecessary risk premiums, insurance requirements or over-engineered solutions.
There are certain risks that suppliers ordinarily will not accept at any price, and trying to overload the risks on the supplier will just drag out negotiations and potentially kill the deal. For example, for IT services, a supplier will not accept excessive exposure to liability for its customer’s loss of revenue due to a service interruption. For facilities management services, a property manager will be extremely reluctant to accept liability for all damage to the managed property. In labor-driven BPO deals, suppliers will rarely accept full responsibility for determining what process adjustments are required to comply with changes in laws directed specifically to the customer’s industry.
Balancing Risk and Price
Even for those risks that a supplier should bear, there are limits. And while suppliers often say, “Our pricing does not cover that risk,” which suggests that they would be willing to accept the risk in exchange for a higher margin, this is often not the case.
In reality, most suppliers do have pricing models that allow for some variance of margin for given deal parameters, but these models are not highly sophisticated and can’t fine-tune the pricing for any and all combinations of risk. Suppliers simply won’t be pushed beyond certain thresholds.
Pillsbury helps both clients and suppliers work through the allocation of risk to a rational conclusion – a deal enabling the client to realize its desired risk profile at competitive market pricing.