U.S. Discrimination against Foreign Call Centers: Sen. Schumer’s Personal Trade War

June 30, 2010 by Bierce & Kenerson, P.C. · 1 Comment

Call center operations can be conducted anywhere in the world without U.S. regulation, unless the activities involve regulated business services such as mortgage banking, consumer credit and lending, broker-dealer securities brokerage, life insurance sales and the regulated professions such as public accounting, the practice of law, engineering and architecture. The Democrats and the Obama Administration appear to want to control call center operations more than the mere directive in the TARP program, which forbids the use of any federal funds by TARP stimulus recipients for foreign call centers. Now comes Sen. Charles Schumer (D., N.Y.) with a proposal to tax all foreign call center calls at $0.25 per call, but exempt all U.S. call center calls from this tax.

Schumer’s Discriminatory Foreign Call Center Bill. By Press Release dated June 2, 2010, Sen. Schumer unveiled a “bill to rein in outsourcing of call center jobs to foreign countries” and to “maintain thousands of jobs in New York and the U.S.” and “provide incentive for jobs to return” home. The bill would have two key features:

o Disclosure of Foreign Call Center Activity. Call center agents at the other end of the line would have to disclose to the caller what country they are from, as well as in which countries the confidential customer data of American customers is kept. The disclosure requirement also forces companies to annually certify to the Federal Trade Commission (FTC) that they are complying with this requirement. Companies that fail to certify they are fully disclosing call transfers would be subject to civil penalties that the Federal Trade Commission (FTC) would prescribe.

o Taxation of Foreign Call Centers. Companies that transfer domestic calls to foreign countries would have to pay a per-call excise tax. US companies would be required to disclose quarterly, and in their annual reports, how many customer service calls they received, and how many are sent overseas.

“If we want to put a stop to the outsourcing of American jobs, than we need to provide incentives for American companies to keep American jobs here,” said Schumer. “This bill will not only serve to maintain call center jobs currently in the United States, but also provide a reason for companies that have already outsourced jobs to bring them back.” He noted that exported call center activity is most prevalent in India, Indonesia, Ireland, Canada, the Philippines, and South Africa.

“This bill will go a long way toward keeping American jobs right here at home,” continued Schumer. “If we want to stop the exporting of American jobs than we need to make it less beneficial for companies to layoff American workers and send jobs overseas and we can do that by providing disclosure as to where calls are being routed and less financially more beneficial to send them abroad.”

Sen. Schumer’s press release omitted any statistics of the number of jobs affected, the proportion of call center agents that handle foreign local customers, the turnover (attrition) rates for domestic vs. foreign call centers, or the types of services rendered by domestic vs. foreign call centers. According to the Associated Press (May 30, 2010), a 2007 Cornell study found that most call centers servicing American customers were located in the United States. The omission of any statistical analysis underscores how emotional this issue has become.

Smoot-Hawley and WTO. Sen. Schumer has taken a position that clearly violates American trade obligations. Indeed, House Financial Services Committee Chairman Barney Frank (D., Mass.) said as much of this proposal to prohibit TARP recipients from increasing their use of foreign call centers. Rep. Frank’s comments underscore that Sen. Schumer’s policies are not universally accepted, and that Congress should think twice.

But I do want to point out a difficulty that Members of this House should contemplate. We run the risk here that this may violate our obligations under the World Trade Organization. As someone who voted against joining, and I say that without any embarrassment, I would say to Members who will be joining, I believe, virtually every Member of this House in supporting the gentlewoman’s amendment that perhaps it should lead them to rethink to having so enthusiastically subscribed to the WTO agreement without some changes. It certainly seems to us that while we do know the government is directly involved, spending its own money, you can have a requirement for domesticity. It is unclear what the interpretation will be here. The interpretation [might] be not be purely an American one. It will be in the dispute resolution procedures of the WTO.

So as we go forward in this Congress and we are told about the advantages of a multilateral approach to trade, and I agree that, properly done, that is very advantageous, I hope Members who more enthusiastically than I embraced this principle will stop to think about it.

Some of us who were worried about the job impact of international economic relations have been derided as the reincarnation of Smoot and Hawley. Well, I guess Smoot and Hawley would have been with us on this one because it says companies who do business in America cannot go overseas for hiring. That’s not trade in the old way because they didn’t have the option of doing this in the old way with technology. But it is a restraint on international economic activity. It is the government’s saying to the market you may not do this because it will have a negative impact on our employment.

Now, I think that’s legitimate, especially here, since it will only apply to companies that are receiving this assistance. But understand the principle. Those who say it’s always a good thing to allow the market to totally run because it will enhance capacity are agreeing that in this case, because we have the hook on which to hang it, we can undercut that.

But the fact that we have the hook in the TARP doesn’t change what the economics would be. So I welcome what I think is a renewed recognition for some and a belated recognition for others that a regime in which none of these considerations of local employment can be considered is not necessarily in our best interest. SOURCE: Cong. Rec. p. H 408 (Jan. 21, 2009), on debate on Tarp Reform and Accountability Act Of 2009.

GATS. Senator Schumer appears not to have reviewed the policy of “national treatment” under Article XVII of the General Agreement on Trade in Services (GATS), a WTO agreement that is legally binding on the U.S. by reason of American ratification under President Bill Clinton. That text states:

“In sectors described in its schedule [of adhesion to the agreement], and subject to any conditions and qualifications set out therein, each Member shall accord to services and service suppliers of any other Member, in respect of all measures affecting the supply of services, treatment no less favorable than it accords to its own like services and suppliers.”

Clawback. Protectionist laws lead to counter-protectionist laws by trading partners. History has many examples of trade retaliation where the producers of apples suffer new foreign retaliatory tariffs because producers of oranges got a protectionist deal by having a $0.25 per unit excise tax advantage. Those of us American who sell services — such as professional services, consulting services, business advisory services, customer service, IT service, etc – and those who export goods or licensed technologies — will be exposed to retaliation by foreign countries who believe such an excise tax violates the US obligations under GATS. In other scenarios, U.S. producers of unrelated services and goods could be the subject of retaliatory and discriminatory foreign tariffs and taxes. This is old news (click here to read more on this subject).

Rule of Law. Sen. Schumer’s approach to legislation is an abuse of international public law. If Sen. Schumer wants to abrogate U.S. treaty obligations, he should say so and simply seek to abrogate the WTO agreements that give U.S. exporters national treatment in foreign markets. Such an idea may be permitted under U.S. constitutional provisions that allow a later law to abrogate a prior treaty.

Fair Trade. Hillary Clinton, as a Presidential candidate in 2008, actually had a more novel approach that explains why she is Secretary of State. She proposed “Fair Trade,” not “Free Trade.” She promoted a bilateral review of trade benefits (contrary to the multilateral approach of the WTO) and a renegotiation of U.S. trade obligations and termination for those countries that breached their WTO obligations of openness, transparency and national treatment. Sen. Schumer’s protectionist approach would not bother with such formalities, without mentioning the probability of foreign disrespect for American trade rights. Hillary Clinton was smarter about “fair trade” in her campaign. She at least understood existing law. Read more

Filed under: Newsletter Article
Tagged: Fair Trade, foreign call center, free trade, GATS, outsourcing, Protectionist, Rule of Law, Sen. Schumer, TARP, World Trade Organization

Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO

January 29, 2010 by Bierce & Kenerson, P.C. · Leave a Comment

Imminent national regulation of Internet-based services will impact all companies that use the Internet for project management, collaboration, and remote transaction processing. Google and China have precipitated a showdown that may cause the extension of a web (!) of national of Internet regulations, with many consequences on the freedom and costs of running a global business or servicing customers remotely. The showdown highlights the fact that cybersecurity threats come from many sources, including foreign nation states, domestic criminals and hackers and disgruntled employees.

On January 12, 2010, Google Inc. announced by blog that it had been the target of concerted attacks from Chinese hackers, that its intellectual property had been compromised and that the attacks targeted the identities of its subscribers. See press release, http://www.sec.gov/Archives/edgar/data/1288776/000119312510005667/dex991.htm . Google’s blog revealed that “at least twenty other large companies from a wide range of businesses—including the Internet, finance, technology, media and chemical sectors” were affected. The Wall Street Journal reported that 34 U.S. companies were targets, including Adobe Systems Inc. and Juniper Networks Inc. Other companies such as Symantec acknowledged they are under constant siege of cyberattacks. Cyber warfare attacks have been reportedly used in Iran to ferret out political dissidents and in Georgia to overload telecommunications during military exercises. China filters Internet content through registration and regulation of Internet services.

Cybersecurity is a critical foundation for any country’s national security and economic security and, indirectly, global trade in IT-enabled services and in the global supply chain. Information networks support financial services, energy, telecommunications, transportation, health care, and emergency response systems, as well as ordinary commerce, employment, education, civil liberties and social and family cohesion. The security of private information networks, such as Google, Yahoo, Symantec and Juniper Networks and the underlying software such as Adobe Systems and Microsoft, are the foundation for today’s global economy.

In global sourcing, cyber security is an essential commitment by anyone business seeking to acquire and be a trusted custodian of personally identifiable information (“PII”). If enterprises (“data controllers” under the European Union Data Protection Directive) are going to gather PII and contract with service providers (“data processors”) to process it, the risk of cyber attacks frames the debate on risk allocation, roles, responsibilities, pricing and process integration.

For all participants in the outsourcing industry, it’s time to fresh look at legal structures and financial implications of cybersecurity.

Existing General U.S. Cybersecurity Laws. Current U.S. legislation and regulations already require cybersecurity compliance, audit, certification and compliance generally. Special cybersecurity mandates arise under the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996, the Sarbanes-Oxley Act of 2002 (“Sox”), state security breach notification legislation and credit card rules applicable to banking transactions (the “PCI rules”). The Computer Fraud and Abuse Act, 18 USC 1030, protects against unauthorized disclosure of most computer data. In addition to securities regulations on insider trading, common law also imposes cybersecurity mandates on lawyers and others receiving confidential financial information. Other cybersecurity rules exist in other legislation:

(1) the Privacy Protection Act of 1980 (42 U.S.C. 2000aa);
(2) the Electronic Communications Privacy Act of 1986 (18 U.S.C. 2510 note);
(3) the Computer Security Act of 1987 (15 U.S.C. 271 et seq.; 40 U.S.C. 759);
(4) the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.);
(5) the E-Government Act of 2002 (44 U.S.C. 9501 et seq.);
(6) the Defense Production Act of 1950 (50 U.S.C. App. 2061 et seq.);
(7) any other Federal law bearing upon cyber-related activities; and
(8) any applicable Executive Order or agency rule, regulation, guideline.

But there are no laws mandating that small business or individuals adopt cybersecurity standards (other than general rules).

Public and Private Assets: “Critical Infrastructure” and “Protected Systems.” Already, the cybersecurity jurisdiction of the Department of Homeland Security applies to both “critical infrastructure” and “protected systems.” The concept of “protected system” would extend the more restrictive concept of “critical infrastructure” to virtually any private computer network. A “protected system” would mean “any service, physical or computer-based system, process, or procedure that directly or indirectly affects the viability of a facility of critical infrastructure.” It would include “any physical or computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, processing instructions, or information or data in transmission or storage therein, irrespective of the medium of transmission or storage.” Homeland Security Act, Sec. 212. In short, national security and economic security mean that public and private assets will be managed as one suite of assets at risk.

Special Purpose Legislation: Electrical Grids. According to legislation proposed in April 2009, “According to current and former national security officials, cyber spies from China, Russia, and other countries have penetrated the United States electrical system in order to map the system, and have left behind software programs that could be used to disrupt and disable the system.” Proposed “Critical Electric Infrastructure Protection Act,” H.R. 2195, An Act to amend the Federal Power Act to provide additional authorities to adequately protect the critical electric infrastructure against cyber attack, and for other purposes, 111th Cong, 1st Sess. The proposed law would require the Secretary of Homeland Security, working with other national security and intelligence agencies, to “conduct research and determine if the security of federally owned programmable electronic devices and communication networks (including hardware, software, and data) essential to the reliable operation of critical electric infrastructure have been compromised,” including “the extent of compromise, identification of attackers, the method of penetration, ramifications of the compromise on future operations of critical electric infrastructure, secondary ramifications of the compromise on other critical infrastructure sectors and the functioning of civil society, ramifications of compromise on national security, including war fighting capability, and recommended mitigation activities.” Preamble. In short, the new law (if enacted) would amend the Homeland Security Act of 2002 (6 U.S.C. 133(i)) to require special studies to “ensure the security and resilience of electronic devices and communication networks essential to each of the critical infrastructure sectors.”

Pending General Cybersecurity Legislation: Cybersecurity Act of 2009. In April 2009, Sen. Jay Rockefeller (D., W. Va.) introduced a draft Cybersecurity Act of 2009, S 773, 111th Cong., 1st Sess. The bill’s long-form name is “An Act To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cyber security defenses against disruption, and for other purposes.” The draft focuses on the commercial impact of cyber espionage: “Since intellectual property is now often stored in digital form, industrial espionage that exploits weak cybersecurity dilutes our investment in innovation while subsidizing the research and development efforts of foreign competitors. In the new global competition, where economic strength and technological leadership are vital components of national power, failing to secure cyberspace puts us at a disadvantage.” S. 773, Sec. 2 (2). The drafters warned that the nation is unprepared for “a massive cyber disruption [that] could have a cascading, long-term impact without adequate co-ordination between government and the private sector.” S. 773, Sec. 2 (6).

Cybersecurity Advisory Panel. The draft law contemplates the appointment of a panel of advisors to include “representatives of industry, academic, non-profit organizations, interest groups and advocacy organizations, and State and local governments who are qualified to provide advice and information on cybersecurity research, development, demonstrations, education, technology transfer, commercial application, or societal and civil liberty concerns.” S. 773, Sec. 3(b)(i).

Cybersecurity Dashboard. The bill would also “implement a system to provide dynamic, comprehensive, real-time cybersecurity status and vulnerability information of all Federal Government information systems and networks managed by the Department of Commerce.” S. 773, Sec. 4.

Cybersecurity Institute. Under the bill, the Secretary of Commerce would provide assistance for the creation and support of “Regional Cybersecurity Centers” for the promotion and implementation of cybersecurity standards. Each Center would be affiliated with a United States-based nonprofit institution or organization, or consortium thereof, that applies for and is awarded financial assistance. Such centers would seek to enhance the cybersecurity of small and medium sized businesses and industrial firms in United States through the dissemination and transfer of cybersecurity standards, processes, technology, and techniques developed at the National Institute of Standards and Technology (“NIST”). www.nist.gov. S. 773, Sec. 5(a). This approach reflects other draft legislation, such as the Cybersecurity Enhancement Act of 2009, HR 4061, 111th Cong., 1st Sess., for cybersecurity research, development, education and technical standards for identity management technologies, authentication and security protocols, expanding on the existing Cyber Security Research and Development Act (15 U.S.C. 7401).

Licensing of Cybersecurity Professionals. The draft law would require a national licensing, certification, and periodic recertification program, under the aegis of the Department of Commerce, for cybersecurity professionals (defined as “providers of cybersecurity services”). Such licensing would effectively submit all outsourcing service providers to U.S. federal jurisdiction and enforcement of cybersecurity compliance standards. S. 773, Sec. 7.

Federal Standards. Within a year after enactment, the NIST would be required to “establish measurable and auditable cybersecurity standards for all Federal Government, government contractor, or grantee critical infrastructure information systems and networks.” These would include standards for

(1) security controls that are known to block or mitigate known attacks;
(2) the software security, including a separate set of such standards for measuring security in embedded software such as that found in industrial control systems;
(3) standard computer-readable language for completely specifying the configuration of software on computer systems widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks;
(4) standard configurations for security settings for operating system software and software utilities widely used in the Federal Government, by government contractors and grantees, and in private sector owned critical infrastructure information systems and networks; and
(5) sniffer standards to identify vulnerabilities in software to enable software vendors to communicate vulnerability data to software users in real time.

The NIST would establish a standard testing and accreditation protocol for all software built by or for the Federal Government, its contractors, and grantees, and privately owned critical infrastructure information systems and networks. The testing would occur during the software development process and on acceptance prior to deployment of software.

International Standards. The draft Cybersecurity Act of 2009 would require the U.S. to participate in setting international standards for cybersecurity. But it stops short of any hope for an international law on cybersecurity. It does not call for a convention on cybersecurity. Certainly any negotiations for such a convention could lead to a “least common denominator” of weak standards and political excuses. In light of the impact on trade in services, certainly cybersecurity would be a subject that might fall under the mission of the World Trade Organization, www.wto.org, or the Organization for Economic Development, www.oecd.org. As it is, the International Standards Organization, www.iso.org, would be the probable forum for any such discussions. Also, the bill would require the President to “work with representatives of foreign governments” to develop norms, organizations, and other cooperative activities for international engagement to improve cybersecurity and to encourage international cooperation in improving cybersecurity on a global basis. S. 773, Sec. 21.

Further Legislation. The United States already has several laws governing cyber security. The draft Cybersecurity Act of 2009 would require the President to review and propose changes in existing cybersecurity laws.

“Pulling the Plug” on Impaired Cyber Infrastructure. The Cybersecurity Act would set up a framework for national regulation of the Internet, which currently is controlled by ICANN, a California-incorporated non-profit organization. www.icann.org. One of the most controversial provisions in the bill would allow the President to shut down the Internet during a time of crisis. The President would be authorized to declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network. S. 773, Sec. 18(2). The President “may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security.” S. 773, Sec. 18(6). This police power would be generally without judicial review.

Insurance and Risk Disclosure and Mitigation. The bill invites Presidential reports to Congress on ways to manage commercial risks of cyber attacks. Such reports would seek to identify the feasibility of:

(1) creating a market for cybersecurity risk management, including the creation of a system of civil liability and insurance (including government reinsurance); and

(2) requiring cybersecurity to be a factor in all bond ratings. Sec. 15.

Identity Management; Identity Theft; Civil Liberties. The bill requires the President to present a report on the “feasibility of an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks.” This provision creates a balance between national security and civil liberties guaranteed by the Constitution.

Investment in Security. The current appropriations bill for the Department of Homeland Security, for the fiscal year ending September 30, 2010, contemplates a small budget for infrastructure security on the scale contemplated in the draft Cybersecurity Act. See, Pub. L. 111-83, H.R.2892, Department Of Homeland Security Appropriations Act, 2010, 111th Cong., 1st Sess. (Oct. 28, 2009).

Implications for Outsourcing.

New Opportunities for Outsourcing of Cybersecurity. As cybersecurity becomes more complex, new opportunities will emerge for service providers that deliver protected processes complying with new regulatory standards.

Industry Sectors; “Verticals.” Outsourcing services (including shared service centers and captive processing centers) manage many “critical infrastructures” that are essential to national security and economic security. Certain sectors are generally included in the definition of “critical infrastructures”: banking, financial services and insurance (“BFSI”), public utilities (water, telecommunications, transportation, oil and gas and electricity supply), emergency services and government. See John Motoff and Paul Parfomak, “Critical Infrastructure and Key Assets: Definition and Identification,” Cong. Research Service (Oct. 1, 2004), http://www.fas.org/sgp/crs/RL32631.pdf. The current statutory definition (established in the USA PATRIOT Act of 2001, Sec. 1016(e) and referenced in the Homeland Security Act of 2002) states:

Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating effect on the security, national economic security, national public health or safety, or any combination of those matters.

Under this sweeping definition, virtually all of outsourcing and the economic supply chain of goods and services could be seen as a “critical infrastructure” for regulation, protection and ultimately potential control by the federal government for purposes of security of the government, economy, health and safety.

Covered ITO and BPO Service Providers. The Cybersecurity Act of 2009 would apply new standards to government contractors and grantees and private sector “critical infrastructure systems and networks.” However, in due course, such standards could be applied to all “protected computers” and private computers as well.

Vendor Selection. By adopting national cybersecurity standards, any new federal legislation would impact the selection of competing outsourcing vendors, based on compliance and risk assessments. Smaller vendors, that might comply today with ISO 27000 but not the PCI credit card security standards or any new federal cybersecurity standards, might not be competitive. Their market value might decline, and their selling prices in an acquisition might be lower on the basis of earnings multiples or other valuation metrics.

National Regulation of Cybersecurity. In short, all business and personal computers would be “protected systems” subject to national security protections, including registrations, licensing, compliance and verification. It is clear that the draft law would superimpose itself on all outsourcing contracts that involve the use of any computers. In short, it would apply to all sourcing contracts.

Allocation of Risk for Compliance with Applicable Law. Generally, outsourcing contracts require service providers (including software developers and IT infrastructure support providers) to comply with applicable U.S. law. The draft Cybersecurity Act of 2009 would be implicit in all applications development and maintenance contracts. It would apply to software developed outside the United States.

Extraterritorial Application of National Laws. Currently, the United States and other countries have laws intended to regulate conduct of persons outside their borders that have an impact inside their borders. Such extraterritorial laws include the Foreign Corrupt Practices Act, the Export Administration Act and the International Trade in Arms Regulations. Outsourcing service providers already are expected to comply with such legislation. Service providers should anticipate the extension of national cybersecurity regulation to their operations outside the United States (and other countries where outsourcing customers receive the services). Further, the U.S. Homeland Security department might conduct inspections on foreign territory, subject to local governmental authorization, similar to historical inspections conducted by the Federal Aviation Administration for maintenance and repairs done abroad to U.S. registered aircraft.

Reciprocity between Governments. Protecting outsourcing as an economic process will require governments to collaborate on cybersecurity management. One can easily foresee a new dialogue between the U.S. government and the Government of India, a key source of talent for software development, ITO and BPO, for the mutual adoption of cybersecurity standards, registration, licensing and compliance procedures. A similar dialogue may eventually arise with China, which hopes to promote its technology centers and “software technology parks” as centers of excellence and sources of employment for engineers servicing non-Chinese global enterprises. Similarly, cybersecurity “best practices” are likely to evolve under the aegis of the OECD for economic regulation and NATO for military use.

For related topics:

Privacy, Data Protection and Outsourcing in the United States

wbb

Filed under: Newsletter Article
Tagged: cybersecurity, data protection, outsourcing, privacy, security, standards

Outsourcing Law & Business Journal™: January 2010

January 25, 2010 by Bierce & Kenerson, P.C. · Leave a Comment

OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.

Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com

Editor’s Note: As we welcome 2010, we continue to develop our newly re-launched Outsourcing-Law.com™ website and e-newsletter! We invite your feedback on the new Beta site as well as your contributions of content on international jurisdictions or legal issues in governance, risk management and compliance. Please contact us.

Vol. 10, No. 1 (January, 2010)
___________________________

1. Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO.

2. Social Security Tax Agreements: The Cost of Expatriate Workers.

3. Humor.

4. Conferences/Webinar.
_______________________________
1. Cyber Security Threat Management in Outsourcing: The Coming National Security Regulation of ITO, BPO and KPO. Imminent national regulation of Internet-based services will impact all companies that use the Internet for project management, collaboration, and remote transaction processing. Google and China have precipitated a showdown that may cause the nationalization of Internet regulation, with many consequences on the freedom and costs of running a global business or servicing customers remotely. The showdown highlights the fact that cybersecurity threats come from many sources, including foreign nation states, domestic criminals and hackers and disgruntled employees….

Cybersecurity is a critical foundation for any country’s national security and economic security and, indirectly, global trade in IT-enabled services and in the global supply chain….In global sourcing, cyber security is an essential commitment by anyone business seeking to acquire and be a trusted custodian of personally identifiable information (“PII”). If enterprises (“data controllers” under the European Union Data Protection Directive) are going to gather PII and contract with service providers (“data processors”) to process it, the risk of cyber attacks frames the debate on risk allocation, roles, responsibilities, pricing and process integration.

For all participants in the outsourcing industry, it’s time to fresh look at legal structures and financial implications of cybersecurity. For the complete article, click here.

2. Social Security Tax Agreements: The Cost of Expatriate Workers. Whenever citizens of one country set up operations or perform services in another country, they face the challenge of dual taxation. Dual taxation can be particularly oppressive where two countries tax the same income, or require payments of some form of tax on the same business activities. To avoid such burdens, model income tax treaties and estate tax treaties have evolved under the aegis of the OECD. Other treaties may apply to allow workers from one country to avoid paying social security to the government of another country. This article addresses the question whether bilateral social security tax agreements have a material impact on mobility of technical service workers moving between a service delivery center (such as India) and a service recipient’s facilities (such as in the United States). Click here to see the entire article.

3. Humor.

Cybersecurity, n. (1) a locked door; (2) an open door with pass key; (3) trust; (4) hope.

4. Conferences/Webinar.

January 22, 2010, Webinar on How Can You Leverage An Economic Development Group In Your Global Sourcing Strategy? Presented by Global Sourcing Council. Eric Hochstein of the Ontario Ministry of Economic Development and Trade will discuss the pros and cons of near-shore sourcing and the socially responsible aspects of sourcing to Canadanderstanding how successful and growing partnerships between companies in the United States and Canada have strengthened businesses on both sides of the border and around the world. To register, please click here.

January, 24-26, 2010, IQPC Business Process Outsourcing and Shared Services Exchange 2010, San Diego, California. This is an invitation-only gathering for VP and C-Level senior Shared Services and Outsourcing executives made up of highly crafted, executive level conference sessions, interactive “Brain Weave” discussions, engaging networking opportunities and strategic one-on-one advisory meetings between solution providers and delegates. With a distinguished speaking faculty from McGraw-Hill, Ingram Micro and Pfizer, amongst others, the seats at the 2010 Exchange are limited and filling up quickly. We have limited complimentary invitations available for qualified delegates for a limited time. Please give us your reference ‘Outsourcing Law’ when inquiring. There are solution provider opportunities also available for companies who want to be represented. You can request your invitation at exchange@iqpc.com, call at 1866-296-4580 or visit their website.

February 15-17, IAOP’s 13th Annual 2010 Outsourcing World Summit, Lake Buena Vista, Florida. This event is designed for outsourcing executives from across the industry and around the world who are seeking the very latest insights and ideasand is themed as “Using Outsourcing to Emerge as a Leader in the New Global Economy”. Educational sessions deliver specific actionable solutions to current challenges faced by experienced professionals. Case studies feature actual experiences and the lessons learned, feature new ideas, approaches and opportunities. For more information, click here.

February 22-24, 2010, SSON and IQPC 8th Procure-to-Pay Summit, Miami, Florida focuses on “Fostering Smart Partnerships to Optimize Cash Flow and Deliver Positive Business Outcomes from End to End.” This Summit is all about making the most of your smart partnerships to increase cash flow and improve business outcomes as companies move away from a reactionary mode toward sustainable practices. While we may not yet be out of the woods, so to speak, it is clear that the economic landscape in 2009 has created opportunities for companies to create new synergies with their P2P partners to help promote growth for 2010 and beyond. For more information, click here.

February 24-25, 2010, IQPC’s 3rd E-Discovery for Financial Services Conference, New York, New York. Learn the Best Review, Retention and Destruction Procedures to Cut Costs and Response Time During a Financially Troubled Economy. This event examines, from the unique perspective of high-level financial executives, how the challenges of each financial sector intersect with e-discovery proceedings and processes. View the complete program agenda at www.ediscoveryevent.com/finance.

March 22-26, 2010, SSON presents the 14th Annual North American Shared Services & Outsourcing Week, Orlando, FL. This event includes speakers from top companies: Aramark, Arbys/Wendy’s, AstraZeneca, Chevron, Coca-Cola, Conagra Foods, General Motors, Kellogg, Kraft, Microsoft, Monster, NASA, Northrop Grumman, Oakley, Perdue Farms, Schering Plough, Warner Brothers and more. It will include new and enhanced features:

* G8: Global Sourcing Think Tank Eliminating the White Noise: The first ever neutral platform to help shape a common industry agenda in the US
* Under the C-Suite Spotlight with Rene Carayol, An Exclusive Onstage CXO Interview: Board-room revelations regarding shared service & sourcing model strategy
* New, Strong, Business Outcome-Focused Content: 8 content-intense tracks, from Planning & Launching and BPO Evolution to IACCM’s Contracting to Collaboration
* Enhanced Annual Features: Quick Wins Energizers, Speed Networking, Blue Sky Innovation Room for Mature SSO’s, and more.

Please contact Kim Vigilia directly at 1-212-885-2753 or at kim.vigilia@iqpc.com with your special code IUS_OSL_#1 to get a 20% discount off the all-access pass. You can also visit the website at www.sharedservicesweek.com.

March, 25-26, 2010, American Conference Institute’s 4th National Forum on Reducing Legal Costs, Dallas, Texas. This essential cross-industry benchmarking forum gathers together more than 30 senior corporate counsel and legal sourcing managers responsible for cost-reduction success stories, as well as leaders from law firms who are pioneers in the alternative fee world, to guide those in attendance on the complexities of keeping legal department costs in check. Now in its fourth installment, this event also offers unique networking opportunities with senior practitioners in the field, includingin-house counsel across a wide spectrum of companies and industries. For more information, visit their website.

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.comThe information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com. Edited by Bierce & Kenerson, P.C. Copyright (c) 2010, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Filed under: Newsletter
Tagged: agreements, contracting, data protection, humor, legal, outsourcing, privacy, security, services, sourcing, US

Social Security Tax Agreements: The Cost of Expatriate Workers

January 21, 2010 by Bierce & Kenerson, P.C. · Leave a Comment

Whenever citizens of one country set up operations or perform services in another country, they face the challenge of dual taxation. Dual taxation can be particularly oppressive where two countries tax the same income, or require payments of some form of tax on the same business activities. To avoid such burdens, model income tax treaties and estate tax treaties have evolved under the aegis of the OECD. Other treaties may apply to allow workers from one country to avoid paying social security to the government of another country.

This article addresses the question whether bilateral social security tax agreements have a material impact on mobility of technical service workers moving between a service delivery center (such as India) and a service recipient’s facilities (such as in the United States).

Double tax treaties allocate the rights of the two countries to tax the same income or activities. In the case of income tax treaties, the key determinant is whether the activities form a “permanent establishment” that serves as a sufficient nexus for the host country to tax the income and the activities. In the case of workers visiting on work visas, social security treaties allocate both the social security charges deducted from local wages and the liability of each state for payment of the social benefits (such as medical care and retirement income) from the workers’ activities.

The Times of India reported on January 18, 2010, that India and the United States are negotiating a Bilateral Investment Promotion Agreement and a Social Security Treaty. Http://timesofindia.com/articleshow/5462979.cms. U.S.-visiting personnel of Indian outsourcers (and Indian service captives of U.S. companies) have been paying U.S. Social Security taxes from the first day of their secondment to the U.S. locations. Payments are due from both the employer and the employee at the rate of 7.65% for various combined federal social taxes. Their visas (typically H1-B) may permit work in the U.S. only for 6 years. However, under U.S. Social Security rules (applicable in the absence of a treaty), such personnel are not entitled to receive any U.S. social security benefits unless they remain in the U.S. for at least 10 years (40 quarters).

The U.S. Social Security Administration (“SSA”) has its own explanation of the various social security treaties:

Since the late 1970’s, the United States has established a network of bilateral Social Security agreements that coordinate the U.S. Social Security program with the comparable programs of other countries. This article gives a brief overview of the agreements and should be of particular interest to multinational companies and to people who work abroad during their careers.

International Social Security agreements, often called “Totalization agreements,” have two main purposes. First, they eliminate dual Social Security taxation, the situation that occurs when a worker from one country works in another country and is required to pay Social Security taxes to both countries on the same earnings. Second, the agreements help fill gaps in benefit protection for workers who have divided their careers between the United States and another country.

Agreements to coordinate Social Security protection across national boundaries have been common in Western Europe for decades. Following is a list of the agreements the United States has concluded and the date of the entry into force of each. Some of these agreements were subsequently revised; the date shown is the date the original agreement entered into force.

Country	Entry into Force
Italy	November 1, 1978
Germany	December 1, 1979
Switzerland	November 1, 1980
Belgium	July 1, 1984
Norway	July 1, 1984
Canada	August 1, 1984
United Kingdom	January 1, 1985
Sweden	January 1, 1987
Spain	April 1, 1988
France	July 1, 1988
Portugal	August 1, 1989
Netherlands	November 1, 1990
Austria	November 1, 1991
Finland	November 1, 1992
Ireland	September 1, 1993
Luxembourg	November 1, 1993
Greece	September 1, 1994
South Korea	April 1, 2001
Chile	December 1, 2001
Australia	October 1, 2002
Japan	October 1, 2005
Denmark	October 1, 2008
Czech Republic	January 1, 2009
Poland	March 1, 2009

Source: http://www.ssa.gov/international/agreements_overview.html

The list of such countries shows that the U.S. typically has a significant incentive to avoid the imposition of double social security taxes on U.S. citizens and residents who are expatriates abroad than for incoming foreign workers who come to the United States. U.S. expatriates are entitled to U.S. social security coverage, and must contribute, if they work for a foreign subsidiary of the U.S. employer that elects, by agreement with the Internal Revenue Service under section 3121(l) of the Internal Revenue Code, to pay Social Security taxes for U.S. citizens and residents employed by the affiliate.

U.S. Social Security Treaties. Aside from South Korea, Chile, Australia and Japan, virtually all such treaties are with European Union countries. A brief review of the most recent treaties (Czech Republic and Poland) shows that the dual social security taxes are waived based on residency for under 5 years, not the 10 years that applies to individuals from other countries (such as India) without a social security agreement. The requirement of some minimum residency before entitlement to local social security program participation serves public policy by not entitling foreign workers in the U.S., for example, to enjoyment of such programs without making substantial contributions. On the other hand, such minimum residency requirements conflict with the H1-B visa limitation of a six-year maximum stay. As a practical matter, H1-B visitors can convert their visa status to immigrants (after a long wait), so the minimum residency requirement promotes immigration of highly qualified managerial or skilled workers.

Indian Social Security Treaties. According to the Times of India, India has signed social security totalization agreements with Belgium, France and Germany, which are significant markets for Indian-based ITO and BPO service providers. The article did not specify any minimum residency period under such agreements.

Impact on Outsourcing and Foreign Captives. Social security totalization agreements serve to allocate between two national governments two separate cash flows: (i) income (contributions by local employer and the locally present expatriate employee) and (ii) expense (a future stream of social security benefits after satisfaction of the minimum residency requirements). Where the host country such as the U.S. charges social security deductions to the wages of foreign workers (e.g., Indians seconded to a U.S. customer or affiliate), the U.S. reaps a windfall if the minimum residency is never satisfied. The Times of India article claims that this windfall amounts to $1 billion per year. Where the minimum residency is satisfied, there is no windfall, and indeed the host country could suffer a loss if the expatriate acquires residency.

The Times of India article suggests that there is an additional burden on Indian workers who work in the USA under H1-B visas. This is questionable, since American employers (whether as affiliates of Indian captives or as enterprise customers of Indian service providers) will still pay their employer’s share of U.S. social security, regardless of the nationality or tax residency of the worker. The only impact is that the Indian workers do not get a discount, exemption or benefit unless they come to the U.S. for the minimum residency period. In short, it appears that the only party disadvantaged is the Indian Treasury, and the absence of a social security totalization agreement between the U.S. and India does not serve as an impediment for hiring of local workers in the U.S. It does, however, play a role in balance of payments in the long term.

In the scenario at hand, the lack of a social security agreement will also delay liberalization of American investment in India under a separate agreement on protection of investors. Thus, there could be some adverse impact on American companies seeking to invest in India if both agreements are not signed together, or unless one country blinks.

For related topics:

See Employment Law.

wbb

Filed under: Newsletter Article
Tagged: contracting, dual taxation, framework agreement, immigration, India, outsourcing, social security, U.S. Social Security Administration

Outsourcing Law & Business Journal™: December 2009

December 23, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com

Season’s Readings (and Greetings) from Bierce & Kenerson, PC, Outsourcing-Law.com and our E-newsletter.
Holiday Greetings and welcome to this first edition of an exciting re-launched Outsourcing-Law.com™ website and e-newsletter! We want your feedback on the new Beta site as well as your contributions of content on international jurisdictions or legal issues in governance, risk management and compliance. Please contact us. See you in the New Year!

Vol. 9, No. 12 (December, 2009)

___________________________

1. E-Discovery and Legal Process Outsourcing: EDRM Process Design and Choices between Outsourcing vs. Insourcing

2. When is a Contractual Limitation of Liability Invalid and Unenforceable? American Public Policy Exceptions to Exculpatory Clauses in Telecommunications.

3. Humor.

4. Conferences.

_______________________________

1. E-Discovery and Legal Process Outsourcing: EDRM Process Design and Choices between Outsourcing vs. Insourcing. State and federal rules of civil procedure and emerging common law of the discovery process impose significant costs on businesses that are engaged in litigation. Pre-trial “discovery” serves to narrow the issues in dispute by forcing the disclosure of records, including electronically stored information (“ESI”) for judicial economy, to narrow the scope of disputed issues for adjudication (such as through motions for partial summary judgment, admissions and prior inconsistent statements), and to speed the actual trial process. E-discovery has become a daily challenge for the General Counsel, the CIO, the COO and the Risk Management Department. They face a choice of policies, procedures and technologies for insourcing (such as by using forensic software and employed staff) or outsourcing for electronic records discovery management (“EDRM”) in e-discovery. This article explores some of the differences between insourcing and outsourcing in terms of records management / EDRM, legal requirements for protection and production of electronic records, project management in forensic record examination, litigation readiness, knowledge management, risk management, ethics and legal compliance. To see the complete article, please click here.

2. When is a Contractual Limitation of Liability Invalid and Unenforceable? American Public Policy Exceptions to Exculpatory Clauses in Telecommunications. An essential element of risk management in any commercial contract for the sale of services or goods is the clause limiting the vendor’s liability. In the sale of goods, the policy limitations are set forth in the Uniform Commercial Code, which invalidates clauses that deprive the customer of an “essential remedy” or the clause is part of an abuse of a consumer under a contract of adhesion, and under the federal Magnuson-Moss Warranty Act and similar state laws. In the sale of services, the policy limitations reflect common law, which may include a judicial analysis of regulations and the fundamental nature of the relationship between the service provider and the enterprise customer.

A decision by a New York State Supreme Court judge in November 2009 highlights the limits on exculpatory clauses under American jurisprudence under principles of gross negligence, willful misconduct, “special duty,” breach of the implied covenants of good faith and fair dealing and prima facie tort. In addition, other legal theories – such as fraud, intentional interference with business relationship, negligent misrepresentation, breach of the implied duty of good faith and fair dealing and prima facie tort – might not be available to enterprise customers for a simple failure by the service provider to deliver proper accounting information relating to its services. Click here for the complete article.

3. Humor.

Legal Process Outsourcing, n. (1) everything legal but not done by a lawyer; (2) everything done by a lawyer but not legal in your jurisdiction; (3) everything non-legal but legal because it’s paralegal.

Contract, n. (1) an enforceable expression of the meeting of the minds; (2) a meeting of the wallets

4. Conferences.

January 28-29, 2010, Global Services Conference, Jersey City, New Jersey. Through the entire episode of the global economic meltdown, the global outsourcing services industry has seen the rise of a group of suppliers who are redefining many traditional management practices; changing the long-standing model for contracting offshore services; collaborating with clients in new ways; and gaining more control over outsourcing strategies. This conference focuses on these changes in the global services model and the learning from this period. For more information, visit their website

February 22-24, 2010, SSON and IQPC 8th Procure-to-Pay Summit, Miami, Florida focuses on ”Fostering Smart Partnerships to Optimize Cash Flow and Deliver Positive Business Outcomes from End to End.” This Summit is all about making the most of your smart partnerships to increase cash flow and improve business outcomes as companies move away from a reactionary mode toward sustainable practices. While we may not yet be out of the woods, so to speak, it is clear that the economic landscape in 2009 has created opportunities for companies to create new synergies with their P2P partners to help promote growth for 2010 and beyond. For more information, click here.

March 22-26, 2010, SSON presents the 14th Annual North American Shared Services & Outsourcing Week, Orlando , FL. Here’s a sneak peek of new and enhanced features, which include:

Speakers from Top Companies:Aramark, Arbys/Wendy’s, AstraZeneca, Chevron, Coca-Cola, Conagra Foods, General Motors, Kellogg, Kraft, Microsoft, Monster, NASA, Northrop Grumman, Oakley, Perdue Farms, Schering Plough, Warner Brothers and more
G8: Global Sourcing Think Tank Eliminating the White Noise: The first ever neutral platform to help shape a common industry agenda in the US
Under the C-Suite Spotlight with Rene Carayol, An Exclusive Onstage CXO Interview : Board-room revelations regarding shared service & sourcing model strategy
New, Strong, Business Outcome-Focused Content : 8 content-intense tracks, from Planning & Launching and BPO Evolution to IACCM’s Contracting to Collaboration
Enhanced Annual Features: Quick Wins Energizers, Speed Networking, Blue Sky Innovation Room for Mature SSO’s, and more.

March, 25-26, 2010, American Conference Institute’s 4th National Forum on Reducing Legal Costs, Dallas, Texas. This essential cross-industry benchmarking forum gathers together more than 30 senior corporate counsel and legal sourcing managers responsible for cost-reduction success stories, as well as leaders from law firms who are pioneers in the alternative fee world, to guide those in attendance on the complexities of keeping legal department costs in check. Now in its fourth installment, this event also offers unique networking opportunities with senior practitioners in the field, includingin-house counsel across a wide spectrum of companies and industries. For more information, visit their website.

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2009, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Filed under: Newsletter
Tagged: contracting, Contracts, e-discovery, humor, Insourcing, Misrepresentation, outsourcing, risk management, sourcing

E-Discovery and Legal Process Outsourcing: ESIM Process Design and Choices between Outsourcing vs. Insourcing

December 21, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

State and federal rules of civil procedure and emerging common law of the discovery process impose significant costs on businesses that are engaged in litigation. Pre-trial “discovery” serves to narrow the issues in dispute by forcing the disclosure of records, including electronically stored information (“ESI”) for judicial economy, to narrow the scope of disputed issues for adjudication (such as through motions for partial summary judgment, admissions and prior inconsistent statements), and to speed the actual trial process. E-discovery has become a daily challenge for the General Counsel, the CIO, the COO and the Risk Management Department. They face a choice of policies, procedures and technologies for insourcing (such as by using forensic software and employed staff) or outsourcing for electronic records discovery management. This article explores some of the differences between insourcing and outsourcing in terms of ESI records management, legal requirements for protection and production of electronic records, project management in forensic record examination, litigation readiness, knowledge management, risk management, ethics and legal compliance.

I. E-DISCOVERY AS A SUB-PROCESS OF RECORDS MANAGEMENT.

Record and Information Management (“RIM”) Policies and ESI Management (“ESIM”). The demands of e-discovery highlight the challenges of developing and managing effective governance policies and procedures for information of all kinds, including ESI, and the challenge of adopting and updating an ESI management (“ESIM”) plan for “business as usual.” The International Standards Organization has developed a records management standard (ISO 15489-1, at www.iso.org). ARMA International (www.arma.org) has identified eight standards for records and information management (“RIM”), namely, accountability, integrity, protection, policy compliance, retrievability/ availability, retention, disposition and transparency.

Memory-storage devices have proliferated, challenging the company’s records custodian. In addition to computers, there are cell phones, cameras (stand-alone or in cell phones), scanners, facsimile machines, USB “key” drives, backup hard drives and other storage devices. All pose a challenge for a fully compliant response to an e-discovery request.

Legal Requirements for Protection and Production of E-Records. Federal and state rules of civil procedure have evolved to include electronic records. See F.R.Civ. P. 26(b), 34 and 45 (subpoenas) and F. R. Evid. 901(a) (authenticity). State procedural rules have been adopted to implement the Uniform Rules Relating to Discovery of Electronically Stored Information issued by the National Conference of Commissioners on Uniform State Laws. [Copy available at http://www.law.upenn.edu/bll/archives/ulc/udoera/2007_final.htm]. Basic common law, statutory and civil procedure rules in e-discovery start with similar requirements:

Protection: preservation of ESI through a “litigation hold” to prevent inadvertent loss when a third party demand has been made, or it has become reasonably foreseeable that such a demand will be made, and ensuring that the in-house attorney’s instruction is actually implemented (for example, avoiding the inadvertent over-writing of storage and backup tapes).
Accountability: identifying the scope and “proportionality” of the e-discovery requirements in relation to the overall scope of the dispute.
Cost allocation: allocating costs that are reasonable to the producing party and costs that are unreasonable to the requesting party.
Cost management: using search terms and other cost-effective automated search technologies to get the reasonable or “agreed” coverage for the initial triage, fulfilling the approach that information technology can solve the problem of searching massive records databases using search technologies. See, e.g., Zubulake v. UBS Warburg, LLC, 2004 WL 1620866 (SDNY July 20, 2004, Judge Scheindlin) and other rulings in the same case, at 217 F.R.D. 309 (SDNY 2003), 216 FRD 280 (SDNY 2003) and 2003 WS 22410619 (SDNY Oct. 22, 2003).
Integrity (authenticity and identification of the e-record): identifying appropriate methods and procedures for ESI production, including the appropriate level and nature of legal supervision of forensic inspections, to ensure authentication under F.R.Evid. 901(b) by using circumstantial information such as the file access permissions, file ownership, dates when the file was created and when it was modified, other metadata and hash values for the record when copied to a forensic computer for analysis.
Accessibility: under the rules of evidence: identifying and managing risks of loss of evidentiary privileges by the mere use of electronic e-discovery tools and procedures.
Accountability for Non-Compliance: identifying the sanctions for culpable conduct, mainly, “spoliation” (intentional or negligent destruction of evidence) or negligent collection done by the record custodian rather than by an automated process, such as:

judicial issuance of an instruction to the jury that the jury may validly draw a “negative inference” (or “adverse inference”) from the fact that the offending party could not produce the normally available documents in support of its legal arguments, resulting in a conclusion that, if the “lost” or “destroyed” records had been introduced into evidence, they would have supported a negative conclusion as to disputed factual matters; and

judicial sanctions including an order to pay the reasonable expenses, including attorney’s fees, caused by the violation of discovery rules, where, for example, the adverse party incurred expenses to overcome the inability to access the “lost” or “destroyed” (spoliated) records.

Project Management in Forensic Record Examination. Within a holistic approach to ESIM, e-discovery tools and techniques can be identified along the continuum of “cradle-to-grave” (or more appropriately, “cradle to judge and jury”) progress. As a sub-process of electronic records management, an e-discovery process model can be used to identify the particular role or function of third-party software, in-house resources and an outsourcer’s resources. By looking holistically at the end-to-end chain of processes leading to satisfactory e-discovery compliance, under such a paradigm, the end-result, production and presentation of ESI, can be managed by effectively adopting either a total control at the “information management” level (when records are initially created and stored). The following is our own view of electronic discovery records management (“EDRM”) as a subset of an enterprise-wide holistic ESIM resource management paradigm for governance, risk management and compliance in e-discovery:

Litigation-Readiness: Converting “Business as Usual” IT into Information Management Operations for E-discovery. Information technology plays a strategic role in the enterprise’s ability to comply with e-discovery mandates. The enterprise’s legal department should team up with the IT department, the records management department and the line-of-business management to participate in the design – or re-design – of the enterprise’s information management operations and records management. E-discovery compliance features are now available through software that can troll the enterprise’s entire ESI, search for information according to a myriad of legal and business terms, technical parameters. In conjunction with the CIO and the records management department, the legal department can:

Gap Analysis: Conduct a “gap analysis” to identify which features are missing from those that are recommended or required under the applicable rules of civil procedure and common law, particularly those policies and procedures that involve data collection, classification, accessibility, storage, retention and destruction.
Strategic Access Plan: Develop a strategic access plan for the full life-cycle of “business as usual” and custody and control, including audit, of the company’s information and litigation-relevant information.
Process Design using an ESIM Paradigm: Apply the e-discovery records management sub-process of the enterprise’s holistic ESIM model to identify and segregate functions that will be performed by in-house or captive resources and those for outside legal counsel and outsourcing service providers.
Cross-Border Considerations: Integrate multinational and cross-border legal mandates into the design of the information technology and information management systems, at an early stage in the e-discovery process, to avoid breaches of foreign data protection and privacy laws when complying with U.S. judicial rules of procedure.
Integration of Internal and External Resources: Develop policies and procedures for use of outside litigation support services providers and an array of personnel and technology resources both domestically and internationally to fulfill e-discovery compliance mandates, without adversely impacting the ongoing business operations.

Litigation-readiness must be added to the selection criteria for new IT initiatives such as “cloud computing” (here, the “software as a service” model, not the “variable IT computing-power as a service” model), internal and external social networks, Twitter and internal and external collaboration platforms such as wikis, e-rooms and Google Wave.

Knowledge-Management Readiness: Managing and Protecting Corporate Knowledge. “Knowledge management” refers to policies, procedures and technology that enable an enterprise to capture, organize, identify, re-use and protect the confidentiality of its trade secrets. Knowledge management (“KM”) procedures must also enable the enterprise to distinguish among sources of confidential information that may be trade secrets, copyrights or patents of third parties (including “freeware” and “open source” software) as well. Accordingly, CIO’s must adopt KM planning strategies that, in conjunction with legal and compliance departments, also serve regulatory and legal requirements. The IT infrastructure needs to identify all such trade secrets during the e-discovery process so that, if disclosable, they are subject to non-disclosure and non-use under appropriate protective orders.

II. RISK MANAGEMENT

Risk of Spoliation by Employees and Contractors. According to one e-discovery service provider, a large majority of all corporate litigation is employment-related. If employees have access to change ESI, disgruntled or negligent employees pose a major risk of spoliation. Employees can unknowingly or intentionally destroy ESI evidence. Such actions can range from concealment (through downloading pirated software that deletes files on the employee’s web surfing history) to sabotage (actually deleting documents).

As a result, the legal department and the CIO need to develop IT-enabled solutions to prevent such acts. This article does not address this particular issue, but it highlights the need for appropriate design of the overall information management architecture as a preventive measure.

Risk Management. From the risk-management perspective, a proper defensive strategy will require an alliance between the company’s Legal Department, its Risk Management department and its IT department.

IT Role. The IT department needs to work with the Legal Department to ensure a proper chain of custody and proofs of authenticity.
Insurance. The Risk Management Department needs to help design and review the e-discovery process. Sanctions for spoliation have implications for coverages for directors and officers, employment practices, errors and omissions and general liability. The records manager needs to understand how the company’s Records Management (destruction) Policy meets e-discovery requirements.
Legal Department. The in-house Legal Department must not only manage the e-discovery process. It must design and manage effective records management policies, educate all employees about the e-discovery process and its role in management of risks, knowledge and records.

III. BUSINESS MODELS: INSOURCING, CAPTIVES AND OUTSOURCING

Business Models for Insourcing. Before comparing outsourcing and insourcing, it is helpful to consider the different business models in which an internal e-discovery operation can be financed. These models can be summarized:

Infrastructure Investment in a Complete e-discovery Toolkit. At the “high end,” the enterprise can make a capital investment in the essential tools of a fully “in-sourced” e-discovery operation. Such an investment will have significant payback for enterprises having a high volume of litigation with predictable volumes of e-discovery demands. Such enterprises will need to invest in all the people, process and technology necessary for the operation. If the operation is highly automated, it can be effectively managed onshore. If it requires substantial human review, part of the operation may be handled in offshore locations with remote access, security controls and other measures to prevent loss of confidentiality, competitive advantage and effectiveness. This leads to consider a captive e-discovery service delivery center. In this case, outsourcing can be a viable solution for that portion of the e-discovery process that requires supervised human review and analysis.
Pay-Per-Use Pricing. Where litigation is more volatile in terms of volume and timing, a “pay-per-use” pricing for insourced use of third-party technologies can prove cost-effective. This pricing model provides some benefits to enterprises that have very few litigations, but a large volume of ESI for assembly, analysis, protection and disclosure.
Consumption-Based Pricing. Consumption-based pricing reflects the volume of ESI being sorted and analyzed. This pricing model provides benefits for enterprises that want to allocate litigation costs to individual lines of business or affiliated companies, as a charge-back accounting principle that effectively rewards litigation-free business managers for staying away from the judicial system.

Relative Advantages of Insourcing.

Industries Affected by Persistent Litigation. Several software tools exist that allow in-house counsel and the CIO to conduct the full forensic discovery using staff employees. Internalization of the discovery process makes economic sense where the company is constantly involved in litigation. Such companies typically include insurance companies, banks, consumer products manufacturers, and can include food service chains and franchisees. Other companies that are subject to class action claims for torts or securities law violations can fall into this category as well, impacting virtually any publicly traded company that has a volatile stock price.
Control of Records Management; Cost Management. Software and IT services companies argue that insourcing can significantly reduce the costs of e-discovery. They argue that, by taking control of the forensic search, collection, analysis and processing of a company’s electronic records, companies have more flexibility and control over the manner in which these critical discovery processes are conducted. This control can translate into cost savings by enabling a closer supervision on-site by the internal lawyers.Cost savings must be compared to comparable external services.Cost savings that might arise from an easier ability to make small changes in the search criteria, for example, may result in a loss of the hard-wired “e-discovery plan” that serves as the basis of justifying to the court that the discovery disclosures comply with civil procedure to locate and disclose all relevant records.
Protection of Trade Secrets and Intellectual Property. Insourcing, or using captives, can provide a significant level of additional protection for knowledge management, trade secrets and intellectual capital. Such protection comes at the cost of maintaining internally controlled resources. Outsourcers will claim that their security levels are higher than those in many global enterprises. Outsourcers offer personal non-disclosure covenants by individual employees. But there is always a risk, whether through insourcing or outsourcing, that the personnel having access to trade secrets, for example, might abuse their positions of trust through tipping a securities investor, selling the ideas to a competitor of the enterprise or other tortious conduct. Even a non-disclosure agreement does not constitute a valid non-competition covenant, and even non-competition covenants are unenforceable as a matter of public policy unless strictly limited in time, territory and scope, and (in California and some other jurisdictions) they may require additional payments of consideration. In short, neither insourcing nor outsourcing appears to have a clear advantage in this field, except that e-discovery managers who are employed by the enterprise might offer an advantage by having ongoing knowledge of what is (and is not) a trade secret for faster, better, “cheaper” claims to a protective order.
Effectiveness of Coordination and Collection of ESI. The use of skilled internal people who know the company’s operations may be able to provide better collection and coordination of ESI. However, “professional” e-discovery service providers may have the advantage in skills at the beginning as the company’s internal personnel become familiar with the processes and technology of e-discovery. Hence, insourcing might follow outsourcing until the processes can be internalized.
Reduction of Risks of Noncompliance with e-discovery Rules. Well-trained, well-supported internal personnel might be able to reduce risks of non-compliance in the typical e-discovery process.

Relative Advantages of Outsourcing e-discovery. Outsourcing of e-discovery processes may be costly, but it may be the best solution for several reasons. This requires an analysis of the relative merits. This “gating analysis” should include appropriate considerations of staffing, quality, ethical risks and speed.

Staffing. One of the key benefits of outsourcing, and one of the key parameters in selecting the right outsourcing service provider, is the service provider’s staff. The best outsourcers have developed a methodology for human capital management in the specialized field of e-discovery and related disciplines. The outsourcer designs a service delivery platform, recruits, trains and tests its staff in generic functions (including project management, information technology and security) and then offers this staff for custom-training on the litigating company’s particular process and e-discovery requirements.Using a business company to provide litigation support can run afoul of ethics and disciplinary rules applicable to the litigating company’s (or its law firm’s) lawyers. Law society rule in England will be changed if and when a pending draft law is modified to permit competent non-lawyers to perform tasks that might be considered the practice of law. Under applicable ethics opinions of the American Bar Association and various city and state bar associations, the in-house lawyer or outside law firm cannot escape certain core ethical duties:

to supervise the work of the outside service provider;

to avoid assisting in the unauthorized practice of law (“UPL”)

to ensure the protection of client confidences;

to avoid waiving any rule permitting a claim of legal privilege (and to rectify innocent or mistaken disclosures, see e.g., Fed. R. Evid. 502);

to avoid conflicts of interest;

to protect against data loss, theft or other act or omission that might constitute sanctionable spoliation;

to comply with the rules of court relating to e-discovery and management of ESI at all stages.

Vendor selection involves finding the right fit for the particular litigating company’s legal, regulatory, compliance, privacy, legal ethics and security requirements.

Service Level Metrics and Quality Considerations. Few internal employees want to live by performance metrics. Outsourcers live by “guaranteeing” service metrics and other quality parameters.

Offshoring Issues. In considering an offshore captive or an offshore LPO outsourcing, the company’s lawyers must evaluate special cross-border legal issues.

Export Controls. By transferring any U.S. data abroad, the company may require a license from one or more branches of the U.S. government. While commercial information may be subject to a general export license that does not require any notification, filing or administration, some information (such as software or design information that may have dual civilian and military uses) may require a specific license. Similar issues arise where the company’s ESI includes trade secrets, pending patent applications and other information that is subject to a required export license.
Data Protection. Data protection rules under HIPAA and other legislation may apply to the data being processed. Foreign LPO service providers must ensure compliance.
Privacy. Privacy rights arise from many legal sources and different jurisdictions. Depending on the source of any personally identifiable information (“PII”), any transfer of company records to a foreign LPO service provider may violate applicable rules. This issue suggests a proactive approach in the design and implementation of the company’s overall information management systems.
Third-Party Consent. The information in a company’s database may include information that is licensed under restrictive disclosure conditions or where a third-party’s consent is required by an applicable law. Third-party consent may be required.
Client Consent. The information in a company’s data base may also require the client’s consent
Political Risk. Foreign service providers come with a suite of political risks that could impair service quality, timeliness of service, confidentiality and other custody and control issues for the ESI and the foreign nationals accessing such ESI.

IV. PROJECT MANAGEMENT

Most effective e-discovery procedures will require effective integration of internal and external resources. The design, planning, implementation, performance, intermediate re-balancing and supervision of all resources remain, of course, in the hands of the company, and, in particular, in-house attorneys. The Legal Department (which is ultimately responsible) may wish to consult with “outsourcing lawyers” not merely with litigation counsel on achieving a flexible, cost-effective, efficient design, vendor selection and supervision, review of compliance with ethics rules and project management.

Evaluation Process. Companies evaluating an LPO solution for e-discovery (or any other LPO) should therefore carefully explore all relevant implications, design the program for compliance and quality of service, address special issues involving any cross-border data flows and other commercial, judicial rules, legal and ethical requirements.

Project Management Roles. Each LPO project requires thoughtful and careful attention to ensuring that all responsibilities of the different parties are aligned with their roles. Within the outsourcing model, there is room for designing and allocating roles and responsibilities to give in-house attorneys control of the process so that they can manage the ethical responsibilities. The introduction of the LPO service provider raises new questions whether the cost-controlling measures will impair (or improve) the quality of the outcome. External lawyers could also manage the service providers.

V. BUSINESS MODELS

Business Models. Currently, most LPO e-discovery services are conducted under business models of insourcing (including contract attorneys), captives and outsourcing.
New Models. Over time, companies and their legal counsel will become more familiar with the tools, alternatives and strategies for effective LPO, including identifying and assessing risks and evaluating a risk-benefit matrix. With greater maturity in capabilities, new business models for identifying and managing e-discovery processes, tools and personnel may evolve. The impact of cloud computing, platform-as-a-service, software-as-a-service, virtualization of both servers and client computing and mobile computing will challenge enterprises and their technology and legal service providers to integrate a holistic and global ESIM process to incorporate the EDRM subset as “business as usual.”

Filed under: Newsletter Article, White Paper
Tagged: Accessibility, Accountability, Agreement, cloud computing, Cost allocation, Cost management, data protection, dispute resolution, e-discovery, ethics, Insourcing, integrity, Knowledge-Management, Memory-storage devices, outsourcing, Policies and ESI Management, privacy, Protection, Record and Information Management, risk management, sourcing

Outsourcing Law & Business Journal™: October 2009

October 29, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events. Insights by Bierce & Kenerson, P.C. www.biercekenerson.com Vol. [...]

Filed under: Newsletter
Tagged: Business Process Outsourcing, cloud computing, e-discovery, humor, management, outsourcing, Shared Services Exchange, sourcing

Shared Services in Lieu of Outsourcing: Offshore Captive Internal Bank

October 16, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

Summary.

In making the classic “buy vs. build” decision in relation to services to manage sophisticated business processes, enterprises may elect to establish a captive enterprise to perform “shared services” for affiliates. The “shared services captive” is an alternative to buying outsourced services. But it is also an alternative to internal administration of a business process separately by individual departments, divisions or lines of business. Shared services captives can provide key advantages for diversified multinational enterprises, particularly as a cost-reduction technique when sales and sales margins might be eroding in a global economic downturn.

Captive Internal Bank.

Sony Corporation, the Japanese-based electronics and entertainment group, announced in June 2003 that it was planning a major expansion of intercompany banking services to help reduce financing charges and manage currency risks for all affiliates.

Cost Savings.
According to Sony’s managing director for Global Treasury Services, Mr. Hiro Kurihara (as quoted in an interview with the Financial Times), the London-based shared services operation will generate cost savings of approximately $30 to $40 million per year.

Risk Reduction.
In addition, Sony projected reduction of risks of changes in currency in connection with the settlement of intercompany transactions. Sony plans to offset foreign exchange risks with services — normally offered by money-center banks — of “automatic cashless settlements” and “automatic sweeping.” This requires investment in information technology and integration with others in financial services markets.

Centralization, Specialization and Scale.
Sony’s Global Treasury Services acts like a clearing bank for all affiliates. In this centralized function, the shared services affiliate can aggregate volumes of transactions that are generic, but whose handling requires specialized skills. As a result, economies of scale can reduce per-unit costs and increase focus on specialized transactions that internal financial executives in operating affiliates might not have, or might find difficult, time-consuming or costly to acquire. The Sony shared services affiliate reportedly manages 95% of the enterprise’s financial derivatives and exchange swap transactions.

Transition and Transformation.
The transition to an internal financial services captive is part of a global restructuring that will result in accounting charges of approximately $1.2 billion. Restructuring to include new, enhanced shared-services affiliates may help multinationals such as Sony to transform their services models by increased efficiency and cost management.

Integration with Insourced Transactions.
Establishment of a shared services affiliate requires careful attention to integration with other internal processes. The shared services affiliate must define its “services offerings” and enable managers in affiliated lines of business to use the services with minimal cost and delay. As a result, virtually all “shared services” are digitally integrated. The degree of integration may range from the use of telephones and e-mails to a web-enable Internet-accessible portal. As a result, shared service affiliates generally are purchasers of services and technology from third parties.

Integration with Outsourced Transactions.
Indeed, shared services providers may be the largest purchasers of outsourced transactions. For example, Proctor & Gamble was negotiating for a complete sale of its shared services affiliate to a global outsourcing services provider in 2002. When P&G was unable to obtain its desired sales price at for the services charges that it wanted, P&G chose instead to hire Hewlett-Packard to provide selective outsourced services to support its insourced “shared services” operation.

Advantages in Shared Services.

Shared services affiliates, or “captive” service companies, have many of the advantages of an outsourcing without any loss of ownership and control over business processes, technology, intellectual property and personnel. Shared services captives can develop and retain knowledge capital involving sophisticated business transactions that individual affiliates cannot acquire due to smaller volume of similar transactions. As the business process involved becomes more subjective and susceptible to business judgment, shared services captives retain an advantage over outsourcing because that very subjectivity might be a core competitive advantage and might not be scalable.

Risk Management in Shared Services.

Adoption of a “shared services captive” approach involves a number of risks that can be managed by treating the captive as an external service provider of outsourced services. Such techniques include:

adoption of “service level agreement” obligations, with financial incentives and consequences for failure, applicable to the management and employees of the shared services affiliates;
details concerning the integration of the captive’s services with those of the other operating companies or lines of business;
suitable insurance coverages;
suitable contracting procedures for outsourcing of certain perfunctory tasks of the shared services captive to independent outsourcing services providers;
human resources and intellectual capital management techniques for aggregation and accumulation of related processes and improvement in business processes, quality of service and optimal alignment with the key performance indicators of the core business’s mainstream operations.

Shared Services on the Continuum of Insourcing and Outsourcing.

In conclusion, shared services companies, or captives, perform roles that run along the continuum of fully vertically integrated insourced operations to a skeleton of core competencies supported by a network of outsourced operations. If a business process can be outsourced, it can also be insourced after the outsourcing. If it has been insourced, it could be structured more efficiently as a captive to look like an outsourcing. And once structured as an outsourcing, it could become a true outsourcing service provider to support non-affiliated customers, and could even be spun off to shareholders or sold to a strategic buyer. Thus, the captive shared services organization can mutate according to trends affecting customers, suppliers, corporate strategies, changing processes and changing marketplaces. In establishing internal captives, the lessons of outsourcing can improve performance and flexibility.

Filed under: White Paper
Tagged: Business Process Outsourcing, business processes, Cost management, outsourcing, risk management, service level agreement, service provider, shared services captive

Call Centers and Customer Relationship Management

October 16, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

Thanks to Customer Relationship Management (“CRM”) software and low-cost, high-speed international telecommunications, a call center can be located anywhere in the world. While the legal issues in offshoring of any outsourced service can be complicated, the business issues are generally the same.

Who Should Outsource Call Center or CRM Functions?

Call centers connect your enterprise, its goodwill and operations, to your prospects and customers and, if you wish, even influencers of consumer behavior. Any high-volume consumer industry can benefit by outsourcing call center functions. These might include, for example:

health care
automotive
retailing
services to the household, such as oil and gas deliveries, electrical utilities and telecom providers
consumer electronics
wireless communications
financial services, including banking and brokerage
insurance
travel and hospitality
media

Scope of Services:

Since a call center can deliver any type of services that are capable of being done by telephone, enterprise customers need to classify the possible scope of services. This classification will suggest the key parameters for defining and achieving the intended goals of the call center. The following list is only an indication of some basic classes of outsourced call center services.

Customer Service and Support.
This type of service can be as simple as advising your customer about the information he needs from your data base, such as account balance, unpaid amounts, deadlines and credit balances. Or customer service can involve a complex decision tree involving a script that you prepare to determine your customer’s needs, complete an application or request for change of information, and execute your customer’s orders.

Technical Support / Warranty:
In helping your customers solve problems relating to your products or services, you want to be able to resolve all problems in the first call. Achieving high first-call resolution rates with lower per-call handle times can make a significant cost difference. To some degree, you remain responsible for success because of the way in which you plan the interaction based on manuals, scripts and decision trees. Technical support (or “telephone help desk”) can provide invaluable in retaining customer loyalty and avoiding costly product returns or service cancellations.

Sales, Bookings (travel reservations) and Customer Retention:
Your telesales department needs to convert inquiries into sales, and to retain customers upon expiration of subscriptions or upon other termination events in your customer relationship. Telesales are useful both at the beginning and the end of your customer relationship life cycle. As a tool for proactive outreach, customer retention programs can help sustain your bottom line.

Marketing Surveys and Research:
Outbound calling can identify potential customers, identify an existing customer’s interest in possible new products or services from your company and conduct inquiries about consumer preferences as to pricing and features of existing and new products. This can help your market positioning, promotional campaigns, product design, pricing and sales approaches. Outbound calling can also be used to clean up duplicates or stale information in your “old” data bases, validate existing information, for “data base scrubbing.”

We would welcome any suggestions to make our list more complete, and to identify any special needs that are suggested in the following list.

Ownership and Control Issues: Outsourcing vs. Captive (or “Shared Service Center”).

Call centers come in various shapes and types. You can outsource, or you can create your own foreign call center. Outsourcing is probably cheaper and faster to get started, but establishment of captive call centers can be achieved using external service providers to create the infrastructure, train the employees according to your requirements and help you manage the entire operation.

Criteria for Selecting a Call Center / CRM Service Provider.

Enterprise customers shopping for a call center or CRM service provider should identify key performance indicators (“KPI”) relevant to their industry. On a generic basis, enterprise customers should consider whether prospective CRM service providers offer any unique strategic insights that streamline operations, the strength of any IT-enabled data-driven relationships to your customers and, over time, the degree of continuous process improvement.

Countries.

Effective call centers are in Philippines, India, Ireland, Brazil, Mexico and Canada, are the typical suspects. Many foreign call centers will be integrated with domestic call centers for backup, problem escalation and culture-sensitive situations.

Legal Issues Affecting Enterprise Customers for Call Center Operations

Outbound Calls (from the Call Center to the Customer):
Outbound calls can be intrusive. For public policy reasons, such intrusions should be limited and targeted, as well as complying with applicable restrictions on calling. Legal issues in outbound calls include:

privacy of data and data protection
fair trade practices, including invasion of privacy, consumer protection and other local laws and regulations restricting access to the target customer or prospect
Force majeure, including terrorism, act of war and natural catastrophes
Currency exchange fluctuation
Termination conditions

Inbound Calls (from the Customer to the Call Center):

All Calls:
Any contact with a customer could build or harm your goodwill. Call centers needs to comply with the rules of etiquette as well as laws relating to abusive relationships.

International Outsourcing:
Offshore outsourcing contains a suite of unique risks. International risk management needs to be planned into the outsourcing contract and the methods of service delivery.

If you need any coaching, planning or legal advice, please let us know.

Filed under: White Paper
Tagged: call center, Customer Relationship Management, enterprise customers, outsourcing, risk management, service providers

Financial Planners Outsource Their Back Office Support Staff to Home-Based Workers

October 16, 2009 by Bierce & Kenerson, P.C. · Leave a Comment

Summary.

Suddenly, outsourcing benefits come to financial planners. But reports of the advantages may be too good to be true.

What is Outsourced, and to Whom.

In a lead article, The Wall Street Journal announced in April 2003 that a small number of financial planner are adopting an outsourcing model in their business, hiring “independent contractors” to manage tedious tasks. Such tasks might include:

credit checks and reference verifications for new clients;
data entry for investment statistics and record keeping;
cash flow analysis;
retirement planning strategy;
preparation of financial plans.

Rationale.

Financial planners who outsource such back-office business processes claim that it allows them to devote more time to their basic business of consulting and counseling. The independent contractors, most of whom work from their homes, need little training to perform the functions, yet the outsourced functions are the time-intensive components of financial planning.

Legal Issues for Home-Based Workers.

Many issues arise in outsourcing to home-based workers.

Employment Relationship (vs. Consulting Relationship).
The Internal Revenue Service has proposed a list of 20 questions used to determine whether an individual who is a service provider is an employee or an independent consultant. Properly structured, the relationship can be proven to be independent, thereby saving the customer (financial services planner, for example) in Social Security and Medicare taxes.

Negligent Selection and Recruitment.
In an employment relationship, the employer is potentially liable under the tort theories of:

respondeat superior (vicarious liability for the tortious acts of one’s employee) or,
for certain intentional misdeed by the employee, negligent selection and hiring without due diligence.

In an outsourcing context, virtually the same principle applies because the financial planner is liable as “general contractor” for the mistakes of the subcontractor. But, unlike an employment relationship, the contractor (financial planner) is generally not liable for malfeasance or intentional conduct of the outsourcing service provider.

Pension Plans and ERISA.
If the financial planner is deemed to be an employer, then the outsourcing services provider might be deemed covered by the Employee Retirement Income Security Act of 1974. Any pension, medical or profit sharing plan of the financial planner might have to cover the services providers, under penalties for any failure to comply.

Accidents on the Home Front.
Financial planners or others hiring home-workers should identify the respective liabilities of the parties in case of any accident while the home-worker is engaged in performing services. This is potentially a greater risk for an employer than an outsourcing customer, but it poses risks to both.

Confidentiality.
Any outsourcing transaction should be governed by appropriate confidentiality commitments to protect the information of the financial planner. But this raises a question whether the financial planner’s client is willing to have such subcontractors see the relevant confidential financial information.

Client Engagement Letter.
Accordingly, if third parties are to receive and review confidential or proprietary information, the client must approve the process. This principle applies, as a statutory requirement, in case the financial planner is affiliated with a financial institution under the Graham-Leach-Bliley Act or if the information includes confidential medical information protected by the Healthcare Improvements Portability and Accountability Act of 1996.

Management.
The financial planner will still need to manage the service provider. The costs and time of such management can be high if the financial planner does not have a well-organized plan of his or her own to use appropriate collaboration tools and review the work done by the service providers.

Best Practices.

The best financial planners who outsource any function will follow the rules set forth above. In addition:

Web-Enabled Collaboration.
Outsourcing customers, having learned the uses of e-mail, now are learning the uses of Web-enabled collaboration tools that permit close collaboration. Such tools do not require any immediate presence of the service provider on site, or the use of the financial planner’s assets, inventory, rental space or other facilities.

Centralized Security and Storage.
Data security and storage must be managed effectively.

Added Value.
By outsourcing substantial portions of a business, the business manager risks losing the competitive advantage of controlling a niche specialty. This is a classic challenge for outsourcing customers generally. Like other risks, it requires a balancing of business, legal and commercial requirements with the perception that the business manager lacks the essential tools. So the marketing of such operations requires a continuous compelling reason for the clients to buy the services. Effective supervision and integration of outsourcing service providers adds value by providing teamwork and leverage.

Filed under: White Paper
Tagged: Financial planners, independent contractors, outsourcing, service provider

Summary.

Captive Internal Bank.

Advantages in Shared Services.

Risk Management in Shared Services.

Shared Services on the Continuum of Insourcing and Outsourcing.

Who Should Outsource Call Center or CRM Functions?

Scope of Services:

Ownership and Control Issues: Outsourcing vs. Captive (or “Shared Service Center”).

Criteria for Selecting a Call Center / CRM Service Provider.

Countries.

Legal Issues Affecting Enterprise Customers for Call Center Operations

Summary.

What is Outsourced, and to Whom.

Rationale.

Legal Issues for Home-Based Workers.

Best Practices.

Register Now