Obama’s Outsourcing and Offshoring Promotion Program

February 28, 2013 by

President Obama’s current programs are very likely to limit growth of small businesses to mid-sized businesses and will promote automation, “right-sizing,” outsourcing and offshoring in 2014.   We examine some of the key themes in his tenure as President since 2009, particularly those in his State of the Union Address on February 12, 2013.   Outsourcing and offshoring might be increased as a result of his policies on healthcare, energy taxation, energy infrastructure investment, higher local U.S. wages and even new regulations on cybersecurity.

Burdening Both Small and Larger Businesses):  Bye-Bye, Back Office Employees; Hello, New Small Service Providers.   The Patient Protection and Affordable Care Act of 2010 is pushing small business owners to cut back on full-time employee staffing.    The law is over 1,000 pages long.  Among its key provisions is a mandate for individuals to get medical insurance (or pay a tax of $2,000).  Another key mandate requires U.S. employers with over 50 full-time employees to pay for coverage for their employees, effective January 1, 2014.  (Incidentally, as of March 1, 2013, U.S. employers must now disclose to their employees in writing whether the employer has obtained medical insurance for the employee.)

Under these conditions, outsourcing will grow because the back office (finance, accounting, human resources administration) does not generate revenue and thus cannot be leveraged for purposes of valuation.  We predict a boomlet of new small service providers offering such services, with the real work being done in foreign countries under the supervision of U.S. founders.  For a well-designed new service provider, startup costs are modest and return on investment can be recovered within six to twelve months by leveraging a scalable offshore service delivery center.

Even if such outsourcing is not so robust, small business owners will seek to enter into new “independent contractor” agreements with current back office employees to kick them off the payroll and keep the business size at below 50 FTE’s.

Favoring Foreign Manufacturers and Service Providers:  New Tax on U.S. Energy Consumption, No Tax on Products of Foreign Energy Consumption.   President Obama wants a carbon tax on energy consumption.  A draft law failed in 2010.   Now, if Congress does not act, he will administratively issue regulations to “reduce pollution, prepare our communities for the consequences of climate change, and speed the transition to more sustainable sources of energy.”

If such a carbon tax is enacted, it will apply only to U.S. producers of energy and other greenhouse gas (GHG) emissions.   The tax would not apply to foreign energy producers or foreign GHG emissions.  The tax would not be applied to the importation of finished products from countries that have not such tax.   So such a tax would increase the cost of U.S.-made products (and energy consuming services such as office workers) and also promote the importation of foreign-made goods and foreign services that are not so taxed.

Promoting Foreign Jobs along with American Jobs: Upgraded U.S. Energy Production Infrastructure.   President Obama approves the hiring of U.S. workers by foreign companies in the U.S.  “The CEO of Siemens America — a company that brought hundreds of new jobs to North Carolina — said that if we upgrade our infrastructure, they’ll bring even more jobs.  And that’s the attitude of a lot of companies all around the world.  And I know you want these job-creating projects in your district.”   It’s not clear where the R&D work or manufacturing will take place for energy projects, but the U.S. does have some obligations under WTO agreements to treat certain foreign manufacturers equally.

Comparative Advantage for Automation:  Higher Minimum Wages, Maybe More Automation.  “Tonight, let’s declare that in the wealthiest nation on Earth, no one who works full-time should have to live in poverty, and raise the federal minimum wage to $9.00 an hour.”   By increasing the cost of labor, this could promote capital investment in machines and software that could replace labor.

Cybersecurity: Sharing of Private Data with U.S. Government.  In his speech, President Obama viewed cybersecurity of critical infrastructures as essential to national security.  “And that’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”

His Feb. 12, 2013 Executive Order to Improve National Cybersecurity will establish a “voluntary information sharing program” that will “provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.”   Under this Executive Order, the term critical infrastructure means “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The regulations implementing this “voluntary” program have not been drafted.  A draft law on the same subject failed in 2012 because “voluntary” sharing did not come with insulation from liability to third-party stakeholders such as customers, individuals, patients, suppliers and others.

We can speculate whether the eventual regulations will promote offshoring of data centers or more virtualization of data services.   It could have the opposite effect, of forcing full supply-chain cybersecurity across national borders.  It could result in more segregation of data collected overseas and hiving off of such data so that it is not processed in the U.S. in order to avoid potential liability from complying with the new regulations.

Outsourcing Law & Business Journal™ – December 2012

December 21, 2012 by

OUTSOURCING LAW & BUSINESS JOURNAL™ : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com.

Insights by Bierce & Kenerson, P.C. Editorwww.biercekenerson.com.

Vol. 12,  No. 8, December,  2012

Special Webinar Announcement:   Please join us for a series of complimentary webinars entitled:  “Strategic Issues for International Technology Businesses”  to discuss selected issues, structures and opportunities for international investments and joint ventures in U.S. and foreign technology-based businesses via three webinars:
Tuesday January 29, 2013, 12 noon-1:45 pm ET
“Exploiting U.S. Tech Businesses Abroad:  Europe, India, China”
Tuesday February 26, 2013, 12 noon-1:45 pm ET
“Exploiting Foreign-Based Tech Businesses in the U.S.”
Tuesday March 19, 2013, 12 noon-1:45 pm ET

“Personal Wealth & Tax Planning for International Tech Entrepreneurs”

Participants:
EisnerAmper LLP
Bierce & Kenerson, P.C.  (Full disclosure, we are the editors of this newsletter)
The Margolis Law Firm,
Edica-Garnett Partners,
Porto Leone Consulting, LLC,
Frenkel & Company

For more information, please click here to contact Alyssa Todtman at EisnerAmper LLP
_________________________________________

1.  Knowledge Management in Strategic Alliances and Outsourcing
2.  Non-Practicing Entity Buys Kodak’s Digital Business Patent Portfolio, Licenses to Consortium
3.  Humor.
4.  Conferences.

________________________________________

1.  Knowledge Management in Strategic Alliances and Outsourcing.  Knowledge management has become a key driver in the design and sustainability of competitive global enterprises today.  In knowledge management (“KM”), organizations define the purpose and meaning of information for the corporate mission, create, store and share information and establish tools and rules for internal and external use (and repurposing) in commerce.  KM presents structural and contractual challenges for enterprise customers and their outsourcing service providers.  Knowledge management is applied in outsourcing, supply chain management (“SCM”) and business process management (“BPM”).  Other applications include business continuity planning (“BCP”), disaster recovery (“DR”), audit and control for corporate governances and regulatory reporting. For more, click here.

2.  Non-Practicing Entity Buys Kodak’s Digital Business Patent Portfolio, Licenses to Consortium.  In mid-December 2012, Eastman Kodak Co., a bankrupt photographic supply company, agreed to sell its patent portfolio to a consortium of buyers.  The portfolio includes patents for digital photography, Web-based photo applications and other technologies critical to Internet-based e-business, social media and mobile computing.  The deal (which is subject to bankruptcy court approval) represents a new approach to patent litigation, patent portfolio procurement and patent licensing from bankrupt companies in the United States.  To read more, click here.

3.  Humor.

Knowledge Management, n.  Occult meta-world giving divine meaning to an ever-expanding universe of data.

4.  Conferences.

February 18-20, 2013, IAOP’s Outsourcing World Summit, Phoenix, Arizona.  This annual conference brings the global community of outsourcing professionals together for an unparalleled knowledge sharing, networking and personal and business development experience.

Outsourcing is entering a new age as different opportunities—and demands—are made by companies in pursuit of improved outcomes, lower costs and higher standards in a critically competitive economic environment. Trends like rural and impact sourcing, corporate social responsibility, crowd sourcing, the cloud, technology convergence, the BRIC surge, collaborative and strategic models, and governance have all impacted the way companies do business and the level of understanding and knowledge outsourcing professionals must have to be successful. And it is clear that it takes skilled professionals – now more than ever – to harness these opportunities and meet these demands.  For more information, please visit their website.

March 4-7, 2013.  SSON and IQPC present its 17th Annual North American Shared Services & Outsourcing Week, Orlando, Florida.  If you’re looking for what’s new in service delivery capability, and for the next steps to achieve a maximum level of value, join us at North America’s premier forum for shared services and outsourcing professionals, where you will learn how to design and execute a holistic GBS framework that encompasses shared services, outsourcing, internal business functions and Cloud computing resource;  achieve global end-to-end processes across business functions, systems and geographies; learn what service levels are important to achieving your business goals; how to understand real business value from big data; understand and over-deliver what your internal and external customers want and gain insight on where you can benefit from disruptive technologies, such as Cloud, mobility and social.  To get more information, click here.

April 30-May 1, 2013.  American Conference Institute presents its 7th Annual Forum on Controlling Litigation Costs, Chicago, Illinois.  ACI’s renowned forum returns, with a brand new faculty and novel case studies and strategies designed to help you (1) get more value from the firms you use in litigation matters OR (2) keep existing corporate clients and ensure you are at the top of the “go to” list when matters arise.   This conference is for in-house counsel or legal sourcing manager and private practice litigation attorney or law firm marketing/business development specialist.  For more information, please click here.

**********************************

FEEDBACK: Since 2001, Outsourcing Law & Business Journal™ has been addressing legal issues in operational excellence in business services through effective sourcing practices and service integration for global and globalizing enterprises.  Covered operations include business services in IT, HR, finance and accounting, procurement, logistics, manufacturing and customer relationship management. Send us your suggestions for article topics, or report a broken link at wbierce@biercekenerson.com. The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: wbierce@biercekenerson.com. Edited by Bierce & Kenerson, P.C. Copyright (c) 2012, Outsourcing Law Global, LLC. All rights reserved. Editor-in-Chief: William Bierce of Bierce & Kenerson, P.C., located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Knowledge Management in Strategic Alliances and Outsourcing

December 21, 2012 by

Knowledge management has become a key driver in the design and sustainability of competitive global enterprises today.  In knowledge management (“KM”), organizations define the purpose and meaning of information for the corporate mission, create, store and share information and establish tools and rules for internal and external use (and repurposing) in commerce.  KM presents structural and contractual challenges for enterprise customers and their outsourcing service providers.

Uses of KM.   Knowledge management is a basic tool for business process management (“BPM”).  KM may include training tools (webinars, questionnaires, checklists, algorithms).   KM can enable effective post-merger integration to two organizations by providing transparency into each other’s operations.  KM can also be used to capture the implicit, contextual knowledge of a retiring generation of experienced workers.  KM is applied in outsourcing, supply chain management (“SCM”) and business process management (“BPM”).  Other applications include business continuity planning (“BCP”), disaster recovery (“DR”), audit and control for corporate governances and regulatory reporting.

What is Knowledge Management?    Knowledge management (“KM”) represents the institutionalization of business knowledge derived from personal experience, and the continuous process improvement “on the shoulders of giants” by process designers.  KM applies scenario analysis to predict the suitability for applying a pre-determined process.   It is not ad hoc, but responds ad hoc to situational triggers.  Components to any KM process or system include:

  • Scenario Triggers: precursor avenues leading to and funneling a work flow;
  • Inputs: the collection of relevant data needed to provide either the context for a work flow (such as criteria for initiating the work flow) or the actual processing of inputs;
  • Business Rules: the business rules (and regulatory requirements), or algorithm, processing inputs and delivering outputs as the intended results of the required operation;
  • Data Processing: the process of applying the business rules to the inputs after the scenario is triggered and delivering the outputs;
  • Records Management: the process of storing information in searchable formats, which may include a thesaurus, searchable links, and clusters of key topics and multiple documents (“records”).

Technologies Used in KM.  Virtually any digital technology can be used for KM.  This includes databases, repositories, intranets (open wikis or closed), extranets, decision support systems, project management tools, time billing and accounting software, web conferencing and online and offline storage systems.   With increasing mobility of computing devices and the use of social networks that can be used to diffuse information, and global cyber threats, KM poses cybersecurity risks to the enterprise.

Legal Issues in KM.    Several fields of law govern KM at different phases of creation, sharing, storage, use and reuse.  These legal fields cover issues in employment, intellectual property rights, trade secrets, corporate fiduciary duty, contractual restraints on competitive activities and related antitrust or competition law, privacy law, contractual rights on warranties and indemnification, and mergers and acquisitions.   In international business, the laws of multiple countries or multiple legal systems can apply, creating conflicts of law that require careful analysis and design for implementing a KM system or KM-based relationships.  Finally, governmental regulations can mandate the form of a KM system.

Employment Law.  Employees and contractors are sources of knowledge, as they take their experience and adapt it to specific problems for resolution.  Human resources departments must ensure that employees do not share knowledge that is subject to a non-disclosure agreement with a former employer or a customer.

Intellectual Property and Trade Secrets.   In the field of business services, a service provider uses work flows that could infringe the patent of a competitor.  Or it might use a trade secret for a purpose not permitted under a non-disclosure agreement.  Or it might present the work product in a form that is confusingly similar to the work product of a competitor under the Lanham Act or principles of “trade dress.”  KM tools and rules should include information about the sources and permitted uses of “knowledge” to avoid infringement litigation and to expand the scope of the organization’s proprietary (and thus competitive) operations.  In strategic alliances (such as teaming agreements and joint ventures) and outsourcing, both parties need to protect their own “KM” so that neither the outsourcer nor the enterprise customer can enjoy unfair competitive advantage after the end of the alliance or outsourcing contract.

Governmental Regulation.  KM has become a prime mandate of governments.  The Enron bankruptcy spawned the Sarbanes-Oxley Act of 2002, forcing public companies to maintain “audit and control” procedures beyond the general “best practices” previously adopted under generally accepted accounting principles (“GAAP”).  Under GAAP, Statement of Auditing Standards (“SAS”) No. 70 established procedures for auditors to verify that companies actually followed the procedures and work flows that they claimed to follow.  SAS 70 has since morphed into another auditing principle (SSAE 16), with a reduced standard of care and risk of liability for the auditors.   The Securities and Exchange Commission requires public companies to identify their vulnerabilities including risks of business continuity and processes for disaster recovery.  The Dodd-Frank Consumer Financial Protection law requires covered banks and financial services companies to adopt hundreds of specific processes, under over 300 regulations, to protect against risks of structural damage to the economy.

Getting Value from KM.   Managers can build enterprise value through KM tools and policies that promote increased efficiency, competitive positioning, transparency and accountability.  For efficiency, a “capability maturity” model may be limited in focus by addressing only constant improvements through analysis of “lessons learned” and proactive process redesign.   For competitive positioning, innovative, entrepreneurial managers can cast aside “inefficient” or complicated business models for new models based on new technologies.

Contract Clauses.  Virtually every business exchange involves the sale of some knowledge.  It can be embedded in a product, or it can be expressed as a means for using a product or consuming services.   Every contract for services (including “managed services” / outsourcing) needs effective analysis, planning and implementation of rules governing knowledge management.

Thinking Ahead.   KM principles are essential for any business.  KM contract clauses help ensure that the business will survive, thrive and adapt.

Regulatory Settlement of Fraudulent Robo-Signing by Mortgage Servicing Companies

September 30, 2011 by

Like a well-designed software package, BPO services offer the advantages of process uniformity and standardization, scalability, speed to completion, predictability and transparency.  When BPO is abused, the advantages can quickly turn into disadvantages of equally grand scale.  Such is the tale of “robo-signing” of affidavits of compliance with banking regulations that were based on common practice of non-compliance.  This article addresses the settlement by Goldman Sachs with the New York State Department of Financial Services and New York Banking Department in early September 2011.  For more click here.

The Business Services of Mortgage Loan Origination Management. The origination of mortgage loans is the first step in the syndication of bundles of mortgage loans for sales to investors, or for retention in a bank’s own loan portfolio of assets.  Whether a loan is bundled into a package of collateralized debt obligations (“CDO’s”) or retained as a portfolio asset, the origination process must comply with applicable laws governing Truth in Lending and eligibility for loan guarantees.  Such laws include full disclosure of applicable financing terms, consumer protection, due diligence and verification of due execution of the borrower’s promissory note, the mortgage securing the loan, title documents confirming the underlying assets are owned of record in the name of the borrower.

Robo-Signing. The phrase “robo-signing” arose in 2008-2009 when regulators discovered that many BPO service providers in loan origination services falsely provided affidavits of compliance with statutory requirements for bank lending.

The Sub-Prime Debt Crisis. Affidavits of compliance with loan origination requirements are an essential element of any loan origination program for a bank.  In the 2000’s, many U.S. banks outsourced the compliance function to service companies.  In the U.S. sub-prime mortgage crisis that began in 2008 and continues through at least 2011, the failure of the outsourcing companies to meet a service level of 100% compliance has triggered a tsunami of legal woes:

  • Borrowers have alleged in court that they were defrauded (and therefore cannot be foreclosed).
  • Investors have sued to rescind their investments in CDO’s because the underlying collateral was fraudulently obtained.
  • The CDO market has become unsettled, impairing the free trade and circulation of CDO’s as a source of liquidity in the housing market (and thus a source of sustainability of higher prices).
  • Housing prices have collapsed by 30% in many locations.
  • Banks are not only prudent to ensure 100% compliance with loan origination laws, but they have been reluctant to lend to qualifying buyers, thereby depressing     the housing market and increasing the immobility of homeowners seeking jobs elsewhere.
  • Delinquent borrowers have been subjected to loan servicing fees that make it more difficult to repay the loan.
  • Non-delinquent borrowers might have an escape from repayment obligations under principles of fraud and rescission, but they cannot escape due to the collapse of “normal” lending markets for residential real estate since 2007.
  • Regulators have conducted investigations and sought penalties against banks using robo-signing practices.

Litton Loan Servicing: Goldman Sachs’ Alleged Robo-Signers. In September 2011, the New York State Department of Financial Services and New York Banking Department reached a settlement with Goldman Sachs, as owner of Litton Loan Servicing, as a condition of allowing Goldman to sell Litton to another mortgage servicing company, Ocwen Financial Corp.   On September 2, 2011, Ocwen described the deal in its SEC filing:

On September 1, 2011, Ocwen Financial Corporation (“Ocwen”) completed its acquisition of (i) all the outstanding partnership interests of Litton Loan Servicing LP (“Litton”), a subsidiary of The Goldman Sachs Group, Inc. (“Seller”) and provider of servicing and subservicing of primarily non-prime residential mortgage loans (the “Business”), and (ii) certain interest-only servicing strips previously owned by Goldman Sachs & Co., also a subsidiary of Seller. These transactions and related transactions (herein referred to as the “Transaction”) were contemplated by a Purchase Agreement (the “Agreement”) between Ocwen and Seller dated June 5, 2011 which was described in, and filed with, Ocwen’s Current Report on Form 8-K dated June 6, 2011. The Transaction resulted in the acquisition by Ocwen of a servicing portfolio of approximately $38.6 billion in unpaid principal balance of primarily non-prime residential mortgage loans (“UPB”) as of August 23, 2011 and the servicing platform of the Business.

The purchase price for the Transaction was $247.2 million, which was paid in cash by Ocwen at closing. In addition, Ocwen paid $296.4 million to retire a portion of the outstanding debt on an advance facility previously provided by an affiliate of Seller to Litton. To finance the Transaction, Ocwen received a senior secured term loan facility of $575 million with Barclays Capital as lead arranger and also entered into a new facility with the Seller to borrow approximately $2.1 billion against the servicing advances associated with the Business.

The actual purchase price differed from the estimated base purchase price of $263.7 million disclosed in the current report on Form 8-K filed by Ocwen on June 6, 2011 as a result of certain adjustments specified in the Agreement for changes in Litton’s estimated closing date net worth, servicing portfolio UPB and advance balances, among others. The purchase price may be further adjusted as these estimated closing-date measurements are finalized after the closing date.

In connection with the Transactions, Ocwen, Goldman Sachs Bank USA, Litton and the New York State Banking Department have entered into an agreement (the “NY Agreement”) that sets forth certain loan servicing practices and operational requirements. No fines, penalties or other payments were assessed against Ocwen or Litton under the terms of the NY Agreement. We believe the NY Agreement will not have a material impact on our financial statements.

Settlement Terms. The “Agreement on Mortgage Servicing Practices” was consented to by Goldman, Ocwen and Litton.  Goldman, which is exiting the mortgage servicing business with the sale of Litton, agreed to adopt these servicing practices if it should ever reenter the servicing industry.

According to the Banking Department, the settlement makes “important changes in the mortgage servicing industry which, as a whole, has been plagued by troublesome and unlawful practices. Those practices include: ‘Robo-signing,’ referring to affidavits in foreclosure proceedings that were falsely executed by servicer staff without personal review of the borrower’s loan documents and were not notarized in accordance with state law; weak internal controls and oversight that compromised the accuracy of foreclosure documents; unfair and improper practices in connection with eligible borrowers’ attempts to obtain modifications of their mortgages or other loss mitigation, including improper denials of loan modifications; and imposition of improper fees by servicers.”

“The Agreement makes the following changes:

  1. Ends Robo-signing and imposes staffing and training requirements that will prevent Robo-signing.
  2. Requires servicers to withdraw any pending foreclosure actions in which filed affidavits were Robo-signed or otherwise not accurate.
  3. Requires servicers to provide a dedicated Single Point of Contact representative for all borrowers seeking loss mitigation or in foreclosure, preventing borrowers from getting the runaround by being passed from one person to another. It also restricts referral of borrowers to foreclosure when they are engaged in pursuing loan modifications or loss mitigation.
  4. Requires servicers to ensure that any force-placed insurance be reasonably priced in relation to claims incurred, and prohibits force-placing insurance with an affiliated insurer.
  5. Imposes more rigorous pleading requirements in foreclosure actions to ensure that only parties and entities possessing the legal right to foreclose can sue borrowers.
  6. For borrowers found to have been wrongfully foreclosed, requires servicers to ensure that their equity in the property is returned, or, if the property was sold, compensate the borrower.
  7. Imposes new standards on servicers for application of borrowers’ mortgage payments to prevent layering of late fees and other servicer fees and use of suspense accounts in ways that compounded borrower delinquencies and defaults.
  8. Requires servicers to strengthen oversight of foreclosure counsel and other third party vendors, and imposes new obligations on servicers to conduct regular reviews of foreclosure documents prepared by counsel and to terminate foreclosure attorneys whose document practices are problematic or who are sanctioned by a court.

Notably, the adoption of new “best practices” does not release Litton from future claims or from being investigated in the future.

Lessons Learned. While Goldman might have been negligent in supervising its mortgage loan origination subsidiary, it learned the lesson by divesting the BPO service provider to a larger, more stable BPO service provider.   The services provided by Litton had helped feed Goldman’s role as an originator and underwriter of CDO securities that it then packaged and sold into financial markets.  The sale of Litton represents an unwinding of this financial chain and should improved the credibility, marketability and liquidity of the CDO markets.

On a broader level, the New York banking settlement underscores the importance of a BPO service provider’s “getting it right the first time.”   This means that service supporting regulated businesses should anticipate that their functions will be supervised by regulators even if their function is only a slice of a regulated function.  As a result, the risk profile for service providers can be expected to increase where the enterprise customer or the service provider fails to ensure 100% compliance with regulations.   Master Services Agreements should be structured to ensure appropriate allocation of liability, together with risk management practices to limit the enterprise customer’s exposure to regulatory investigation and penalties.

Surprisingly, there were no regulatory penalties for Goldman.  This may be attributable to good lawyering as well as the fact the “settlement” arose solely in the context of a divestiture, where the purchaser willing purchased a troubled asset.

To learn more about robo-signing click here.

Indian Privacy Law: Sensitive Personal Information

September 30, 2011 by

In May 2011, the Indian Ministry of Communications and Information Technology issued a press release clarifying the rules framed under Section 43A of the Information Technology Act, 2000.  This clarification is important for companies that handle sensitive personal information in India.   For more, click here.

Section 43A of the Information Technology Act, 2000, deals with disclosures by Indian governmental bodies (a “body corporate”) of sensitive personal information to other Indian governmental bodies.   Under rules adopted under such law, each Indian “body corporate” must adopt and provide a policy for privacy and disclosure of information.  The “clarification” notes that “Any such disclosure of sensitive personal data or information  by body corporate to any third party shall require prior permission of the provider of the information.”    Inter-agency disclosures must be for lawful purposes to pursue statutory mandates of the requesting agency (e.g., detection and prosecution of cybercrime) and the receiving agency must give an undertaking that the information obtained will not be published or shared with any other person.

This clarification sets forth a “best practice” in Indian governmental protection of sensitive personal information.    The subject is relevant to outsourcing lawyers because such information that is transmitted from non-Indian sources to Indian ITO and BPO service providers becomes subject to the jurisdiction of the Indian government.  In exercising such jurisdiction, the Indian government theoretically has access to information of foreign individuals.

Outsourcing agreements normally address issues of force majeure and cooperation in resolving governmental investigations.   The “clarification” discussed above gives some comfort to those engaged in processing where sensitive personal data is accessible in India by Indian service providers.   But the clarification also raises the visibility of the issue of cross-border data protection.

A New Twist on Labor Arbitrage: The Impact of ObamaCare to Promote Offshore Outsourcing

November 30, 2010 by

In considering talent management strategies, employers inevitably consider the relative costs of hiring employees and complying with labor law.  Such considerations include the regulatory regime governing minimum wages, unionization and, now, health care compliance.  For example, in the 1980’s, Japanese automakers chose to set up manufacturing plants in non-union “right to work” states in the South, rather than in states where unions are strong.  Enacted in July 2010, U.S. healthcare reform (“ObamaCare” or the “Patient Protection and Affordable Care Act”) will force employers large and small to consider sending jobs offshore.  ObamaCare also promotes medical tourism for cosmetic surgery.

Reforms. The Patient Protection and Affordable Care Act, H.R. 3590, 111th Cong., 2nd Sess., restructured the tax and regulatory conditions governing healthcare for all Americans.  The act requires all Americans to be covered under healthcare insurance under standard underwriting conditions.  These core conditions prevent insurance companies from creating different pricing models based on actual health of the individual.  They consist of nine core principles, the first eight of which conflict with the ninth.

1.  a prohibition of preexisting condition exclusions or other discrimination based on health status.

2. “fair” health insurance premiums through extensive legislative and regulatory controls of the underwriting process.

3  guaranteed availability of coverage for all, so that insurers cannot deny issuance of insurance.

4.  guaranteed renewability of coverage.

5.  prohibiting discrimination against individual participants and beneficiaries based on health status.

6.  non-discrimination in health care.

7.  comprehensive health insurance coverage, so that coverage provides substantial benefits.

8. a prohibition on excessive waiting periods.

9. freedom to opt-out of the Federal health employment law.

Mandatory Health Insurance for All Americans. Beginning in 2014, all U.S. individuals will be required to be covered by health insurance, or they will have to pay a tax penalty.  In general, the new law mandates healthcare coverage, either individually (through an Exchange or other permitted, regulated insurance program) or through an employer’s program.  Individuals who are employed must pay for their own coverage if the employer does not.  As a result, individuals will gravitate to employers who offer employer sponsored health plans.  Section 5000A(a) of the Act requires that each “applicable individual” shall for each month beginning after 2013 ensure that the individual, and any dependent of the individual who is an applicable individual, is covered under minimum essential coverage for such month.  Failure to be insured will result in a tax liability (called a “penalty” but payable under the tax code) of up to 300% of $750 (plus cost of living adjustments) per year.  Section 5000A(c).  Spouses are jointly and severally liable, as are taxpayers responsible for their dependents under Section 5000A(b).

Illusory Freedom of Business to Opt Out. The Act expressly permits everyone to opt out, but it does not appear to override the universal mandate for “applicable individuals” to be covered by conforming healthcare insurance.  Section 1555 states the “opt-out” principle in terms of opting out of a health insurance program created under ObamaCare.

No individual, company, business, nonprofit entity, or health insurance issuer offering group or individual health insurance coverage shall be required to participate in any Federal health insurance program created under this Act (or any amendments made by this Act), or in any Federal health insurance program expanded by this Act (or any such amendments), and there shall be no penalty or fine imposed upon any such issuer for choosing not to participate in such programs.

This option is illusory and contradictory with the penalty provisions.

  • Individuals Subject to Penalty Tax. Under Section 5000A, individuals who are not covered must pay a penalty tax.
  • Large Employers Subject to Penalty Taxes. Under Section 1513 (enacting Section 4980H of the Internal Revenue Code), large employers (with over 200 employees) who fail to offer to its full-time employees (and their dependents) the opportunity to enroll in minimum essential coverage under an eligible employer-sponsored plan (as defined in section 5000A(f)(2)) must pay similar penalty taxes.  Under Section 1514 (enacting Section 6056 of the Internal Revenue Code), large employers must file tax returns demonstrating compliance with the healthcare coverage (and penalty) rules.  Similarly, under Section 9001 (enacting Section 4980I of the Internal Revenue Code), ObamaCare imposes a 40% tax on “high value” employer-sponsored health coverage, to dissuade entrepreneurs from benefiting senior managers to the disadvantage of lower income employees.

Actual Freedom to Opt Out: Applying Territorial Limitations of Universal Healthcare.   ObamaCare creates a new territorial limitation on the universal mandate of minimum-standard healthcare coverage.   Like minimum wage laws and the Fair Labor Standards Act (which ObamaCare amends), the new ObamaCare legislation does not apply to services rendered outside the U.S.A.   The universal healthcare insurance mandate of ObamaCare cannot not apply outside the United States.  For purposes of mandatory coverage, the Act covers all “applicable individuals.”  But the definition excludes

  • religious conscience exemption,
  • incarcerated individuals,
  • health-sharing ministries, for individuals sharing “a common set of ethical or religious beliefs and share medical expenses among members in accordance with those beliefs”; and
  • individuals who, for the month in question, are not a citizen or national of the United States or an alien lawfully present in the United States.  On any given month, the mandatory health insurance coverage does not apply to U.S. citizens residing abroad (under Section 911(d) of the Internal Revenue Code) or in U.S. territories and possessions

Peripatetic Employees: Social Security and Retirement Benefits. The United States has entered into certain treaties with other countries for the reciprocal recognition of entitlement to social security benefits for nationals of one country who work in another.  The normal work period for entitlement is five years.  For the U.S.-India convention, the wait is 10 years, long after the expiration of the 6-year maximum for an H1-B visa.

Discrimination against Knowledge Workers (“Discrimination based on Salary”). ObamaCare does not allow employers to discriminate in favor of a group of persons based on based on the total hourly or annual salary of the employee or otherwise establish eligibility rules that have the effect of discriminating in favor of higher wage employees under Section 2716.  Of course, discrimination against highly-compensated employees is permitted, allowing plan sponsors to impose “contribution requirements for enrollment in the plan or coverage that provide for the payment by employees with lower hourly or annual compensation of a lower dollar or percentage contribution than the payment required of similarly situated employees with a higher hourly or annual compensation.”  In effect, nothing prevents an employer for charging more to highly paid employees for the same health coverage.  Id.

Medical Tourism for Cosmetic Surgery.   Section 9017 of the Act establishes a new 5% excise tax on cosmetic surgery, which is defined as any medical procedure that is “not necessary to ameliorate a deformity arising from, or directly related to, a congenital abnormality, a personal injury resulting from an accident or trauma, or disfiguring disease.”  The tax is imposed on the patient, but the surgeon must pay it if he or she fails to collect and pay the tax at the time of the surgery.  The tax applies retroactively to all procedures performed on or after January 1, 2010.  While a 5% tax might not make a difference for wealthy persons, it certainly will promote medical tourism to India, Brazil and other foreign high-tech medical destinations.

Trade Regulation Supports Offshoring. The current international trade regulatory regime does not stand in the way of enterprises moving jobs around to obtain skills anywhere.  Nothing in the WTO agreements requires foreign countries to match similar labor entitlements.  Nothing in the WTO agreements allows the U.S. to impose an import tariff on the work product of foreign labor, since that would discriminate on the basis of country of origin.  In the field of trade in goods, the WTO (and before it, GATT) applies long-standing solutions of countervailing duties to offset foreign governmental export subsidies and anti-dumping duties to prevent predatory foreign pricing.  Such solutions simply do not function in a service-based global economy.  In short, the WTO regime supports offshoring.

Impact of ObamaCare on Globalization and Offshore Outsourcing.

  • Wider Gap, More Labor Arbitrage. By increasing the costs and regulatory burdens on employers hiring individuals lawfully in the United States, the Patient Protection and Affordable Care Act widens the gap between U.S. labor costs and foreign labor costs.   Quite literally, it is built upon a tax on business and a tax on individuals.  Accordingly, it is predictable that ObamaCare will accelerate offshoring and globalization of talent pools of enterprises large and small.
    • Expansion of the Global Small Business. While small businesses with fewer than 25 employees may be able to obtain U.S. federal subsidies for offering healthcare insurance, they lose such subsidies if they grow, and even if they qualify the subsidies are limited to promotion of healthcare for low-wage workers.  Hence, even small businesses have an incentive to develop multinational talent pools.  As part of this evolution, savvy entrepreneurs (and their Venture Capital investors) will constantly seek methods for hiring talent globally, whether by outsourcing or offshoring, or both.
    • Rise of the Global Sweat-Equity Business. The “new normal” under U.S. labor law opens the door for a “global sweat-equity business,” where all (or most) workers are co-owners.   ESOPs (employee stock ownership plans) are complicated and limited to U.S. law.   Other partnership-type legal paradigms can achieve a “global sweat-equity business” for rapidly growing entrepreneurial ventures.   Many smaller businesses (with between 25 and 100 employees) can pursue global markets using global talent and global sources of investment and innovation.  With a suitable legal structure, global “sweat equity” enterprises can tap into global talent and yet provide a single layer of income taxation and incentive compensation (in the form of equity interests and/or profit sharing) to employees globally.  The details of such business models involve taxation, employment law, intellectual property, corporate and relationship governance, securities law for owner-employees, risk management and other disciplines.  Beyond simple outsourcing, the global sweat-equity business model offers the one-to-one relationships globally that were promised by the Internet revolution.

    P.S. See the Bierce & Kenerson, P.C. webinar, December 9, 2010, on the “Global Sweat-Equity Business.”

    U.S. Discrimination against Foreign Call Centers: Sen. Schumer’s Personal Trade War

    June 30, 2010 by

    Call center operations can be conducted anywhere in the world without U.S. regulation, unless the activities involve regulated business services such as mortgage banking, consumer credit and lending, broker-dealer securities brokerage, life insurance sales and the regulated professions such as public accounting, the practice of law, engineering and architecture. The Democrats and the Obama Administration appear to want to control call center operations more than the mere directive in the TARP program, which forbids the use of any federal funds by TARP stimulus recipients for foreign call centers. Now comes Sen. Charles Schumer (D., N.Y.) with a proposal to tax all foreign call center calls at $0.25 per call, but exempt all U.S. call center calls from this tax.

    Schumer’s Discriminatory Foreign Call Center Bill.
    By Press Release dated June 2, 2010, Sen. Schumer unveiled a “bill to rein in outsourcing of call center jobs to foreign countries” and to “maintain thousands of jobs in New York and the U.S.” and “provide incentive for jobs to return” home. The bill would have two key features:

    o Disclosure of Foreign Call Center Activity. Call center agents at the other end of the line would have to disclose to the caller what country they are from, as well as in which countries the confidential customer data of American customers is kept. The disclosure requirement also forces companies to annually certify to the Federal Trade Commission (FTC) that they are complying with this requirement. Companies that fail to certify they are fully disclosing call transfers would be subject to civil penalties that the Federal Trade Commission (FTC) would prescribe.

    o Taxation of Foreign Call Centers. Companies that transfer domestic calls to foreign countries would have to pay a per-call excise tax. US companies would be required to disclose quarterly, and in their annual reports, how many customer service calls they received, and how many are sent overseas.

    “If we want to put a stop to the outsourcing of American jobs, than we need to provide incentives for American companies to keep American jobs here,” said Schumer. “This bill will not only serve to maintain call center jobs currently in the United States, but also provide a reason for companies that have already outsourced jobs to bring them back.” He noted that exported call center activity is most prevalent in India, Indonesia, Ireland, Canada, the Philippines, and South Africa.

    “This bill will go a long way toward keeping American jobs right here at home,” continued Schumer. “If we want to stop the exporting of American jobs than we need to make it less beneficial for companies to layoff American workers and send jobs overseas and we can do that by providing disclosure as to where calls are being routed and less financially more beneficial to send them abroad.”

    Sen. Schumer’s press release omitted any statistics of the number of jobs affected, the proportion of call center agents that handle foreign local customers, the turnover (attrition) rates for domestic vs. foreign call centers, or the types of services rendered by domestic vs. foreign call centers. According to the Associated Press (May 30, 2010), a 2007 Cornell study found that most call centers servicing American customers were located in the United States. The omission of any statistical analysis underscores how emotional this issue has become.

    Smoot-Hawley and WTO.
    Sen. Schumer has taken a position that clearly violates American trade obligations. Indeed, House Financial Services Committee Chairman Barney Frank (D., Mass.) said as much of this proposal to prohibit TARP recipients from increasing their use of foreign call centers. Rep. Frank’s comments underscore that Sen. Schumer’s policies are not universally accepted, and that Congress should think twice.

    But I do want to point out a difficulty that Members of this House should contemplate. We run the risk here that this may violate our obligations under the World Trade Organization. As someone who voted against joining, and I say that without any embarrassment, I would say to Members who will be joining, I believe, virtually every Member of this House in supporting the gentlewoman’s amendment that perhaps it should lead them to rethink to having so enthusiastically subscribed to the WTO agreement without some changes. It certainly seems to us that while we do know the government is directly involved, spending its own money, you can have a requirement for domesticity. It is unclear what the interpretation will be here. The interpretation [might] be not be purely an American one. It will be in the dispute resolution procedures of the WTO.

    So as we go forward in this Congress and we are told about the advantages of a multilateral approach to trade, and I agree that, properly done, that is very advantageous, I hope Members who more enthusiastically than I embraced this principle will stop to think about it.

    Some of us who were worried about the job impact of international economic relations have been derided as the reincarnation of Smoot and Hawley. Well, I guess Smoot and Hawley would have been with us on this one because it says companies who do business in America cannot go overseas for hiring. That’s not trade in the old way because they didn’t have the option of doing this in the old way with technology. But it is a restraint on international economic activity. It is the government’s saying to the market you may not do this because it will have a negative impact on our employment.

    Now, I think that’s legitimate, especially here, since it will only apply to companies that are receiving this assistance. But understand the principle. Those who say it’s always a good thing to allow the market to totally run because it will enhance capacity are agreeing that in this case, because we have the hook on which to hang it, we can undercut that.

    But the fact that we have the hook in the TARP doesn’t change what the economics would be. So I welcome what I think is a renewed recognition for some and a belated recognition for others that a regime in which none of these considerations of local employment can be considered is not necessarily in our best interest. SOURCE: Cong. Rec. p. H 408 (Jan. 21, 2009), on debate on Tarp Reform and Accountability Act Of 2009.

    GATS. Senator Schumer appears not to have reviewed the policy of “national treatment” under Article XVII of the General Agreement on Trade in Services (GATS), a WTO agreement that is legally binding on the U.S. by reason of American ratification under President Bill Clinton. That text states:

    “In sectors described in its schedule [of adhesion to the agreement], and subject to any conditions and qualifications set out therein, each Member shall accord to services and service suppliers of any other Member, in respect of all measures affecting the supply of services, treatment no less favorable than it accords to its own like services and suppliers.”

    Clawback. Protectionist laws lead to counter-protectionist laws by trading partners. History has many examples of trade retaliation where the producers of apples suffer new foreign retaliatory tariffs because producers of oranges got a protectionist deal by having a $0.25 per unit excise tax advantage. Those of us American who sell services — such as professional services, consulting services, business advisory services, customer service, IT service, etc – and those who export goods or licensed technologies — will be exposed to retaliation by foreign countries who believe such an excise tax violates the US obligations under GATS. In other scenarios, U.S. producers of unrelated services and goods could be the subject of retaliatory and discriminatory foreign tariffs and taxes. This is old news (click here to read more on this subject).

    Rule of Law. Sen. Schumer’s approach to legislation is an abuse of international public law. If Sen. Schumer wants to abrogate U.S. treaty obligations, he should say so and simply seek to abrogate the WTO agreements that give U.S. exporters national treatment in foreign markets. Such an idea may be permitted under U.S. constitutional provisions that allow a later law to abrogate a prior treaty.

    Fair Trade.
    Hillary Clinton, as a Presidential candidate in 2008, actually had a more novel approach that explains why she is Secretary of State. She proposed “Fair Trade,” not “Free Trade.” She promoted a bilateral review of trade benefits (contrary to the multilateral approach of the WTO) and a renegotiation of U.S. trade obligations and termination for those countries that breached their WTO obligations of openness, transparency and national treatment. Sen. Schumer’s protectionist approach would not bother with such formalities, without mentioning the probability of foreign disrespect for American trade rights. Hillary Clinton was smarter about “fair trade” in her campaign. She at least understood existing law. Read more

    Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO

    January 29, 2010 by

    Imminent national regulation of Internet-based services will impact all companies that use the Internet for project management, collaboration, and remote transaction processing. Google and China have precipitated a showdown that may cause the extension of a web (!) of national of Internet regulations, with many consequences on the freedom and costs of running a global business or servicing customers remotely. The showdown highlights the fact that cybersecurity threats come from many sources, including foreign nation states, domestic criminals and hackers and disgruntled employees.

    On January 12, 2010, Google Inc. announced by blog that it had been the target of concerted attacks from Chinese hackers, that its intellectual property had been compromised and that the attacks targeted the identities of its subscribers. See press release, http://www.sec.gov/Archives/edgar/data/1288776/000119312510005667/dex991.htm . Google’s blog revealed that “at least twenty other large companies from a wide range of businesses—including the Internet, finance, technology, media and chemical sectors” were affected. The Wall Street Journal reported that 34 U.S. companies were targets, including Adobe Systems Inc. and Juniper Networks Inc. Other companies such as Symantec acknowledged they are under constant siege of cyberattacks. Cyber warfare attacks have been reportedly used in Iran to ferret out political dissidents and in Georgia to overload telecommunications during military exercises. China filters Internet content through registration and regulation of Internet services.

    Cybersecurity is a critical foundation for any country’s national security and economic security and, indirectly, global trade in IT-enabled services and in the global supply chain. Information networks support financial services, energy, telecommunications, transportation, health care, and emergency response systems, as well as ordinary commerce, employment, education, civil liberties and social and family cohesion. The security of private information networks, such as Google, Yahoo, Symantec and Juniper Networks and the underlying software such as Adobe Systems and Microsoft, are the foundation for today’s global economy.

    In global sourcing, cyber security is an essential commitment by anyone business seeking to acquire and be a trusted custodian of personally identifiable information (“PII”). If enterprises (“data controllers” under the European Union Data Protection Directive) are going to gather PII and contract with service providers (“data processors”) to process it, the risk of cyber attacks frames the debate on risk allocation, roles, responsibilities, pricing and process integration.

    For all participants in the outsourcing industry, it’s time to fresh look at legal structures and financial implications of cybersecurity.

    Existing General U.S. Cybersecurity Laws. Current U.S. legislation and regulations already require cybersecurity compliance, audit, certification and compliance generally. Special cybersecurity mandates arise under the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996, the Sarbanes-Oxley Act of 2002 (“Sox”), state security breach notification legislation and credit card rules applicable to banking transactions (the “PCI rules”). The Computer Fraud and Abuse Act, 18 USC 1030, protects against unauthorized disclosure of most computer data. In addition to securities regulations on insider trading, common law also imposes cybersecurity mandates on lawyers and others receiving confidential financial information. Other cybersecurity rules exist in other legislation:

    (1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
    (2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
    (3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq.; 40 U.S.C. 759);
    (4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
    (5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
    (6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
    (7) any other Federal law bearing upon cyber-related activities; and
    (8) any applicable Executive Order or agency rule, regulation, guideline.

    But there are no laws mandating that small business or individuals adopt cybersecurity standards (other than general rules).

    Public and Private Assets: “Critical Infrastructure” and “Protected Systems.” Already, the cybersecurity jurisdiction of the Department of Homeland Security applies to both “critical infrastructure” and “protected systems.” The concept of “protected system” would extend the more restrictive concept of “critical infrastructure” to virtually any private computer network. A “protected system” would mean “any service, physical or computer-based system, process, or procedure that directly or indirectly affects the viability of a facility of critical infrastructure.” It would include “any physical or computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, processing instructions, or information or data in transmission or storage therein, irrespective of the medium of transmission or storage.” Homeland Security Act, Sec. 212. In short, national security and economic security mean that public and private assets will be managed as one suite of assets at risk.

    Special Purpose Legislation: Electrical Grids. According to legislation proposed in April 2009, “According to current and former national security officials, cyber spies from China, Russia, and other countries have penetrated the United States electrical system in order to map the system, and have left behind software programs that could be used to disrupt and disable the system.” Proposed “Critical Electric Infrastructure Protection Act,” H.R. 2195, An Act to amend the Federal Power Act to provide additional authorities to adequately protect the critical electric infrastructure against cyber attack, and for other purposes, 111th Cong, 1st Sess. The proposed law would require the Secretary of Homeland Security, working with other national security and intelligence agencies, to “conduct research and determine if the security of federally owned programmable electronic devices and communication networks (including hardware, software, and data) essential to the reliable operation of critical electric infrastructure have been compromised,” including “the extent of compromise, identification of attackers, the method of penetration, ramifications of the compromise on future operations of critical electric infrastructure, secondary ramifications of the compromise on other critical infrastructure sectors and the functioning of civil society, ramifications of compromise on national security, including war fighting capability, and recommended mitigation activities.” Preamble. In short, the new law (if enacted) would amend the Homeland Security Act of 2002 (6 U.S.C. 133(i)) to require special studies to “ensure the security and resilience of electronic devices and communication networks essential to each of the critical infrastructure sectors.”

    Pending General Cybersecurity Legislation: Cybersecurity Act of 2009. In April 2009, Sen. Jay Rockefeller (D., W. Va.) introduced a draft Cybersecurity Act of 2009, S 773, 111th Cong., 1st Sess. The bill’s long-form name is “An Act To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.” The draft focuses on the commercial impact of cyber espionage: “Since intellectual property is now often stored in digital form, industrial espionage that exploits weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are vital components of national power, failing to secure cyberspace puts us at a disadvantage.” S. 773, Sec. 2 (2). The drafters warned that the nation is unprepared for “a massive cyber disruption [that] could have a cascading, long-term impact without adequate co-ordination between government and the private sector.” S. 773, Sec. 2 (6).

    Cybersecurity Advisory Panel. The draft law contemplates the appointment of a panel of advisors to include “representatives of industry, academic, non-profit organizations, interest groups and advocacy organizations, and State and local governments who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, technology transfer, commercial application, or societal and civil liberty concerns.” S. 773, Sec. 3(b)(i).

    Cybersecurity Dashboard. The bill would also “implement a system to provide dynamic, comprehensive, real-time cybersecurity status and vulnerability information of all Federal Government information systems and networks managed by the Department of Commerce.” S. 773, Sec. 4.

    Cybersecurity Institute. Under the bill, the Secretary of Commerce would provide assistance for the creation and support of “Regional Cybersecurity Centers” for the promotion and implementation of cybersecurity standards. Each Center would be affiliated with a United States-based nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance. Such centers would seek to enhance the cybersecurity of small and medium sized businesses and industrial firms in United States through the dissemination and transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology (“NIST”). www.nist.gov. S. 773, Sec. 5(a). This approach reflects other draft legislation, such as the Cybersecurity Enhancement Act of 2009, HR 4061, 111th Cong., 1st Sess., for cybersecurity research, development, education and technical standards for identity management technologies, authentication and security protocols, expanding on the existing Cyber Security Research and Development Act (15 U.S.C. 7401).

    Licensing of Cybersecurity Professionals. The draft law would require a national licensing, certification, and periodic recertification program, under the aegis of the Department of Commerce, for cybersecurity professionals (defined as “providers of cybersecurity services”). Such licensing would effectively submit all outsourcing service providers to U.S. federal jurisdiction and enforcement of cybersecurity compliance standards. S. 773, Sec. 7.

    Federal Standards. Within a year after enactment, the NIST would be required to “establish measurable and auditable cybersecurity standards for all Federal Government, government contractor, or grantee critical infrastructure information systems and networks.” These would include standards for

    (1) security controls that are known to block or mitigate known attacks;
    (2) the software security, including a separate set of such standards for measuring security in embedded software such as that found in industrial control systems;
    (3) standard computer-readable language for completely specifying the configuration of software on computer systems widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks;
    (4) standard configurations for security settings for operating system software and software utilities widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks; and
    (5) sniffer standards to identify vulnerabilities in software to enable software vendors to communicate vulnerability data to software users in real time.

    The NIST would establish a standard testing and accreditation protocol for all software built by or for the Federal Government, its contractors, and grantees, and privately owned critical infrastructure information systems and networks. The testing would occur during the software development process and on acceptance prior to deployment of software.

    International Standards. The draft Cybersecurity Act of 2009 would require the U.S. to participate in setting international standards for cybersecurity. But it stops short of any hope for an international law on cybersecurity. It does not call for a convention on cybersecurity. Certainly any negotiations for such a convention could lead to a “least common denominator” of weak standards and political excuses. In light of the impact on trade in services, certainly cybersecurity would be a subject that might fall under the mission of the World Trade Organization, www.wto.org, or the Organization for Economic Development, www.oecd.org. As it is, the International Standards Organization, www.iso.org, would be the probable forum for any such discussions. Also, the bill would require the President to “work with representatives of foreign governments” to develop norms, organizations, and other cooperative activities for international engagement to improve cybersecurity and to encourage international cooperation in improving cybersecurity on a global basis. S. 773, Sec. 21.

    Further Legislation. The United States already has several laws governing cyber security. The draft Cybersecurity Act of 2009 would require the President to review and propose changes in existing cybersecurity laws.

    “Pulling the Plug” on Impaired Cyber Infrastructure. The Cybersecurity Act would set up a framework for national regulation of the Internet, which currently is controlled by ICANN, a California-incorporated non-profit organization. www.icann.org. One of the most controversial provisions in the bill would allow the President to shut down the Internet during a time of crisis. The President would be authorized to declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network. S. 773, Sec. 18(2). The President “may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security.” S. 773, Sec. 18(6). This police power would be generally without judicial review.

    Insurance and Risk Disclosure and Mitigation. The bill invites Presidential reports to Congress on ways to manage commercial risks of cyber attacks. Such reports would seek to identify the feasibility of:

    (1) creating a market for cybersecurity risk management, including the creation of a system of civil liability and insurance (including government reinsurance); and

    (2) requiring cybersecurity to be a factor in all bond ratings. Sec. 15.

    Identity Management; Identity Theft; Civil Liberties. The bill requires the President to present a report on the “feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks.” This provision creates a balance between national security and civil liberties guaranteed by the Constitution.

    Investment in Security. The current appropriations bill for the Department of Homeland Security, for the fiscal year ending September 30, 2010, contemplates a small budget for infrastructure security on the scale contemplated in the draft Cybersecurity Act. See, Pub. L. 111-83, H.R.2892, Department Of Homeland Security Appropriations Act, 2010, 111th Cong., 1st Sess. (Oct. 28, 2009).

    Implications for Outsourcing.

    New Opportunities for Outsourcing of Cybersecurity. As cybersecurity becomes more complex, new opportunities will emerge for service providers that deliver protected processes complying with new regulatory standards.

    Industry Sectors; “Verticals.” Outsourcing services (including shared service centers and captive processing centers) manage many “critical infrastructures” that are essential to national security and economic security. Certain sectors are generally included in the definition of “critical infrastructures”: banking, financial services and insurance (“BFSI”), public utilities (water, telecommunications, transportation, oil and gas and electricity supply), emergency services and government. See John Motoff and Paul Parfomak, “Critical Infrastructure and Key Assets: Definition and Identification,” Cong. Research Service (Oct. 1, 2004), http://www.fas.org/sgp/crs/RL32631.pdf. The current statutory definition (established in the USA PATRIOT Act of 2001, Sec. 1016(e) and referenced in the Homeland Security Act of 2002) states:

    Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating effect on the security, national economic security, national public health or safety, or any combination of those matters.

    Under this sweeping definition, virtually all of outsourcing and the economic supply chain of goods and services could be seen as a “critical infrastructure” for regulation, protection and ultimately potential control by the federal government for purposes of security of the government, economy, health and safety.

    Covered ITO and BPO Service Providers. The Cybersecurity Act of 2009 would apply new standards to government contractors and grantees and private sector “critical infrastructure systems and networks.” However, in due course, such standards could be applied to all “protected computers” and private computers as well.

    Vendor Selection. By adopting national cybersecurity standards, any new federal legislation would impact the selection of competing outsourcing vendors, based on compliance and risk assessments. Smaller vendors, that might comply today with ISO 27000 but not the PCI credit card security standards or any new federal cybersecurity standards, might not be competitive. Their market value might decline, and their selling prices in an acquisition might be lower on the basis of earnings multiples or other valuation metrics.

    National Regulation of Cybersecurity. In short, all business and personal computers would be “protected systems” subject to national security protections, including registrations, licensing, compliance and verification. It is clear that the draft law would superimpose itself on all outsourcing contracts that involve the use of any computers. In short, it would apply to all sourcing contracts.

    Allocation of Risk for Compliance with Applicable Law. Generally, outsourcing contracts require service providers (including software developers and IT infrastructure support providers) to comply with applicable U.S. law. The draft Cybersecurity Act of 2009 would be implicit in all applications development and maintenance contracts. It would apply to software developed outside the United States.

    Extraterritorial Application of National Laws. Currently, the United States and other countries have laws intended to regulate conduct of persons outside their borders that have an impact inside their borders. Such extraterritorial laws include the Foreign Corrupt Practices Act, the Export Administration Act and the International Trade in Arms Regulations. Outsourcing service providers already are expected to comply with such legislation. Service providers should anticipate the extension of national cybersecurity regulation to their operations outside the United States (and other countries where outsourcing customers receive the services). Further, the U.S. Homeland Security department might conduct inspections on foreign territory, subject to local governmental authorization, similar to historical inspections conducted by the Federal Aviation Administration for maintenance and repairs done abroad to U.S. registered aircraft.

    Reciprocity between Governments. Protecting outsourcing as an economic process will require governments to collaborate on cybersecurity management. One can easily foresee a new dialogue between the U.S. government and the Government of India, a key source of talent for software development, ITO and BPO, for the mutual adoption of cybersecurity standards, registration, licensing and compliance procedures. A similar dialogue may eventually arise with China, which hopes to promote its technology centers and “software technology parks” as centers of excellence and sources of employment for engineers servicing non-Chinese global enterprises. Similarly, cybersecurity “best practices” are likely to evolve under the aegis of the OECD for economic regulation and NATO for military use.

    For related topics:

    Privacy, Data Protection and Outsourcing in the United States

    wbb

    Outsourcing Law & Business Journal™: January 2010

    January 25, 2010 by

    OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.

    Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com

    Editor’s Note: As we welcome 2010, we continue to develop our newly re-launched Outsourcing-Law.com™ website and e-newsletter! We invite your feedback on the new Beta site as well as your contributions of content on international jurisdictions or legal issues in governance, risk management and compliance. Please contact us.

    Vol. 10, No. 1 (January, 2010)
    ___________________________

    1. Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO.

    2. Social Security Tax Agreements: The Cost of Expatriate Workers.

    3. Humor.

    4. Conferences/Webinar.
    _______________________________
    1. Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO. Imminent national regulation of Internet-based services will impact all companies that use the Internet for project management, collaboration, and remote transaction processing. Google and China have precipitated a showdown that may cause the nationalization of Internet regulation, with many consequences on the freedom and costs of running a global business or servicing customers remotely. The showdown highlights the fact that cybersecurity threats come from many sources, including  foreign nation states, domestic criminals and hackers and disgruntled employees….

    Cybersecurity is a critical foundation for any country’s national security and economic security and, indirectly, global trade in IT-enabled services and in the global supply chain….In global sourcing, cyber security is an essential commitment by anyone business seeking to acquire and be a trusted custodian of personally identifiable information (“PII”). If enterprises (“data controllers” under the European Union Data Protection Directive) are going to gather PII and contract with service providers (“data processors”) to process it, the risk of cyber attacks frames the debate on risk allocation, roles, responsibilities, pricing and process integration.

    For all participants in the outsourcing industry, it’s time to fresh look at legal structures and financial implications of cybersecurity. For the complete article, click here.

    2. Social Security Tax Agreements: The Cost of Expatriate Workers. Whenever citizens of one country set up operations or perform services in another country, they face the challenge of dual taxation. Dual taxation can be particularly oppressive where two countries tax the same income, or require payments of some form of tax on the same business activities. To avoid such burdens, model income tax treaties and estate tax treaties have evolved under the aegis of the OECD. Other treaties may apply to allow workers from one country to avoid paying social security to the government of another country. This article addresses the question whether bilateral social security tax agreements have a material impact on mobility of technical service workers moving between a service delivery center (such as India) and a service recipient’s facilities (such as in the United States). Click here to see the entire article.

    3. Humor.

    Cybersecurity, n. (1) a locked door; (2) an open door with pass key; (3) trust; (4) hope.

    4. Conferences/Webinar.

    January 22, 2010, Webinar on How Can You Leverage An Economic Development Group In Your Global Sourcing Strategy? Presented by Global Sourcing Council. Eric Hochstein of the Ontario Ministry of Economic Development and Trade will discuss the pros and cons of near-shore sourcing and the socially responsible aspects of sourcing to Canadanderstanding how successful and growing partnerships between companies in the United States and Canada have strengthened businesses on both sides of the border and around the world. To register, please click here.

    January, 24-26, 2010, IQPC Business Process Outsourcing and Shared Services Exchange 2010, San Diego, California. This is an invitation-only gathering for VP and C-Level senior Shared Services and Outsourcing executives made up of highly crafted, executive level conference sessions, interactive “Brain Weave” discussions, engaging networking opportunities and strategic one-on-one advisory meetings between solution providers and delegates. With a distinguished speaking faculty from McGraw-Hill, Ingram Micro and Pfizer, amongst others, the seats at the 2010 Exchange are limited and filling up quickly. We have limited complimentary invitations available for qualified delegates for a limited time. Please give us your reference ‘Outsourcing Law’ when inquiring. There are solution provider opportunities also available for companies who want to be represented. You can request your invitation at exchange@iqpc.com, call at 1866-296-4580 or visit their website.

    January 28-29, 2010, Global Services Conference, Jersey City, New Jersey. Through the entire episode of the global economic meltdown, the global outsourcing services industry has seen the rise of a group of suppliers who are redefining many traditional management practices; changing the long-standing model for contracting offshore services; collaborating with clients in new ways; and gaining more control over outsourcing strategies. This conference focuses on these changes in the global services model and the learning from this period. OSL subscribers qualify for a special rate. Use code GSCOLJ for free/ complimentary registration to buyers. Buyers include buyers of outsourcing and offshoring services in IT and BPO. For more information, visit their website.

    February 15-17, IAOP’s 13th Annual 2010 Outsourcing World Summit, Lake Buena Vista, Florida. This event is designed for outsourcing executives from across the industry and around the world who are seeking the very latest insights and ideasand is themed as “Using Outsourcing to Emerge as a Leader in the New Global Economy”. Educational sessions deliver specific actionable solutions to current challenges faced by experienced professionals. Case studies feature actual experiences and the lessons learned, feature new ideas, approaches and opportunities. For more information, click here.

    February 22-24, 2010, SSON and IQPC 8th Procure-to-Pay Summit, Miami, Florida focuses on “Fostering Smart Partnerships to Optimize Cash Flow and Deliver Positive Business Outcomes from End to End.” This Summit is all about making the most of your smart partnerships to increase cash flow and improve business outcomes as companies move away from a reactionary mode toward sustainable practices. While we may not yet be out of the woods, so to speak, it is clear that the economic landscape in 2009 has created opportunities for companies to create new synergies with their P2P partners to help promote growth for 2010 and beyond. For more information, click here.

    February 24-25, 2010, IQPC’s 3rd E-Discovery for Financial Services Conference, New York, New York. Learn the Best Review, Retention and Destruction Procedures to Cut Costs and Response Time During a Financially Troubled Economy. This event examines, from the unique perspective of high-level financial executives, how the challenges of each financial sector intersect with e-discovery proceedings and processes. View the complete program agenda at www.ediscoveryevent.com/finance.

    March 22-26, 2010, SSON presents the 14th Annual North American Shared Services & Outsourcing Week, Orlando, FL. This event includes speakers from top companies: Aramark, Arbys/Wendy’s, AstraZeneca, Chevron, Coca-Cola, Conagra Foods, General Motors, Kellogg, Kraft, Microsoft, Monster, NASA, Northrop Grumman, Oakley, Perdue Farms, Schering Plough, Warner Brothers and more. It will include new and enhanced features:

    * G8: Global Sourcing Think Tank Eliminating the White Noise: The first ever neutral platform to help shape a common industry agenda in the US
    * Under the C-Suite Spotlight with Rene Carayol, An Exclusive Onstage CXO Interview: Board-room revelations regarding shared service & sourcing model strategy
    * New, Strong, Business Outcome-Focused Content: 8 content-intense tracks, from Planning & Launching and BPO Evolution to IACCM’s Contracting to Collaboration
    * Enhanced Annual Features: Quick Wins Energizers, Speed Networking, Blue Sky Innovation Room for Mature SSO’s, and more.

    Please contact Kim Vigilia directly at 1-212-885-2753 or at kim.vigilia@iqpc.com with your special code IUS_OSL_#1 to get a 20% discount off the all-access pass. You can also visit the website at www.sharedservicesweek.com.

    March, 25-26, 2010, American Conference Institute’s 4th National Forum on Reducing Legal Costs, Dallas, Texas. This essential cross-industry benchmarking forum gathers together more than 30 senior corporate counsel and legal sourcing managers responsible for cost-reduction success stories, as well as leaders from law firms who are pioneers in the alternative fee world, to guide those in attendance on the complexities of keeping legal department costs in check. Now in its fourth installment, this event also offers unique networking opportunities with senior practitioners in the field, includingin-house counsel across a wide spectrum of companies and industries. For more information, visit their website.

    ******************************************

    FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.comThe information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com. Edited by Bierce & Kenerson, P.C. Copyright (c) 2010, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

    Social Security Tax Agreements: The Cost of Expatriate Workers

    January 21, 2010 by

    Whenever citizens of one country set up operations or perform services in another country, they face the challenge of dual taxation. Dual taxation can be particularly oppressive where two countries tax the same income, or require payments of some form of tax on the same business activities. To avoid such burdens, model income tax treaties and estate tax treaties have evolved under the aegis of the OECD. Other treaties may apply to allow workers from one country to avoid paying social security to the government of another country.

    This article addresses the question whether bilateral social security tax agreements have a material impact on mobility of technical service workers moving between a service delivery center (such as India) and a service recipient’s facilities (such as in the United States).

    Double tax treaties allocate the rights of the two countries to tax the same income or activities. In the case of income tax treaties, the key determinant is whether the activities form a “permanent establishment” that serves as a sufficient nexus for the host country to tax the income and the activities. In the case of workers visiting on work visas, social security treaties allocate both the social security charges deducted from local wages and the liability of each state for payment of the social benefits (such as medical care and retirement income) from the workers’ activities.

    The Times of India reported on January 18, 2010, that India and the United States are negotiating a Bilateral Investment Promotion Agreement and a Social Security Treaty. Http://timesofindia.com/articleshow/5462979.cms. U.S.-visiting personnel of Indian outsourcers (and Indian service captives of U.S. companies) have been paying U.S. Social Security taxes from the first day of their secondment to the U.S. locations. Payments are due from both the employer and the employee at the rate of 7.65% for various combined federal social taxes. Their visas (typically H1-B) may permit work in the U.S. only for 6 years. However, under U.S. Social Security rules (applicable in the absence of a treaty), such personnel are not entitled to receive any U.S. social security benefits unless they remain in the U.S. for at least 10 years (40 quarters).

    The U.S. Social Security Administration (“SSA”) has its own explanation of the various social security treaties:

    Since the late 1970’s, the United States has established a network of bilateral Social Security agreements that coordinate the U.S. Social Security program with the comparable programs of other countries. This article gives a brief overview of the agreements and should be of particular interest to multinational companies and to people who work abroad during their careers.

    International Social Security agreements, often called “Totalization agreements,” have two main purposes. First, they eliminate dual Social Security taxation, the situation that occurs when a worker from one country works in another country and is required to pay Social Security taxes to both countries on the same earnings. Second, the agreements help fill gaps in benefit protection for workers who have divided their careers between the United States and another country.

    Agreements to coordinate Social Security protection across national boundaries have been common in Western Europe for decades. Following is a list of the agreements the United States has concluded and the date of the entry into force of each. Some of these agreements were subsequently revised; the date shown is the date the original agreement entered into force.

    Country Entry into Force
    Italy November 1, 1978
    Germany December 1, 1979
    Switzerland November 1, 1980
    Belgium July 1, 1984
    Norway July 1, 1984
    Canada August 1, 1984
    United Kingdom January 1, 1985
    Sweden January 1, 1987
    Spain April 1, 1988
    France July 1, 1988
    Portugal August 1, 1989
    Netherlands November 1, 1990
    Austria November 1, 1991
    Finland November 1, 1992
    Ireland September 1, 1993
    Luxembourg November 1, 1993
    Greece September 1, 1994
    South Korea April 1, 2001
    Chile December 1, 2001
    Australia October 1, 2002
    Japan October 1, 2005
    Denmark October 1, 2008
    Czech Republic January 1, 2009
    Poland March 1, 2009

    Source:  http://www.ssa.gov/international/agreements_overview.html

    The list of such countries shows that the U.S. typically has a significant incentive to avoid the imposition of double social security taxes on U.S. citizens and residents who are expatriates abroad than for incoming foreign workers who come to the United States. U.S. expatriates are entitled to U.S. social security coverage, and must contribute, if they work for a foreign subsidiary of the U.S. employer that elects, by agreement with the Internal Revenue Service under section 3121(l) of the Internal Revenue Code, to pay Social Security taxes for U.S. citizens and residents employed by the affiliate.

    U.S. Social Security Treaties. Aside from South Korea, Chile, Australia and Japan, virtually all such treaties are with European Union countries. A brief review of the most recent treaties (Czech Republic and Poland) shows that the dual social security taxes are waived based on residency for under 5 years, not the 10 years that applies to individuals from other countries (such as India) without a social security agreement. The requirement of some minimum residency before entitlement to local social security program participation serves public policy by not entitling foreign workers in the U.S., for example, to enjoyment of such programs without making substantial contributions. On the other hand, such minimum residency requirements conflict with the H1-B visa limitation of a six-year maximum stay. As a practical matter, H1-B visitors can convert their visa status to immigrants (after a long wait), so the minimum residency requirement promotes immigration of highly qualified managerial or skilled workers.

    Indian Social Security Treaties.
    According to the Times of India, India has signed social security totalization agreements with Belgium, France and Germany, which are significant markets for Indian-based ITO and BPO service providers. The article did not specify any minimum residency period under such agreements.

    Impact on Outsourcing and Foreign Captives. Social security totalization agreements serve to allocate between two national governments two separate cash flows: (i) income (contributions by local employer and the locally present expatriate employee) and (ii) expense (a future stream of social security benefits after satisfaction of the minimum residency requirements). Where the host country such as the U.S. charges social security deductions to the wages of foreign workers (e.g., Indians seconded to a U.S. customer or affiliate), the U.S. reaps a windfall if the minimum residency is never satisfied. The Times of India article claims that this windfall amounts to $1 billion per year. Where the minimum residency is satisfied, there is no windfall, and indeed the host country could suffer a loss if the expatriate acquires residency.

    The Times of India article suggests that there is an additional burden on Indian workers who work in the USA under H1-B visas. This is questionable, since American employers (whether as affiliates of Indian captives or as enterprise customers of Indian service providers) will still pay their employer’s share of U.S. social security, regardless of the nationality or tax residency of the worker. The only impact is that the Indian workers do not get a discount, exemption or benefit unless they come to the U.S. for the minimum residency period. In short, it appears that the only party disadvantaged is the Indian Treasury, and the absence of a social security totalization agreement between the U.S. and India does not serve as an impediment for hiring of local workers in the U.S. It does, however, play a role in balance of payments in the long term.

    In the scenario at hand, the lack of a social security agreement will also delay liberalization of American investment in India under a separate agreement on protection of investors. Thus, there could be some adverse impact on American companies seeking to invest in India if both agreements are not signed together, or unless one country blinks.

    For related topics:

    See Employment Law.

    wbb

    Next Page »