To Arbitrate or Not, That is the Question

November 14, 2011 by Bierce & Kenerson, P.C.

In KMPG LLP v. Cocchi, the U.S. Supreme Court ruled on November 7, 2011, that agreements to arbitrate must be enforced in federal and state courts under the Federal Arbitration Act, 9 U.S.C. §1 et seq. 565 U.S. ___ (2011). Judicial interpretation of arbitration clauses has resulted in the bifurcation of remedies before courts and arbitrators on the same facts. Such bifurcation adds costs and leads to uncertainty for the parties.

This case serves as a reminder to both parties to consider possible risk management and relationship governance frameworks. This article analyzes some ways to identify and minimize the risk of such bifurcation and piecemeal dispute resolution that neither party wanted. The parties may wish to evaluate and, at least internally, quantify the impact for pricing purposes in contract negotiation.

This decision relates to alleged professional malpractice by a regulated professional service provider. For unregulated BPO “professional” service providers, it raises red flags. It shows the risk profile for claims from persons other than the enterprise customer. The parties therefore may wish to consider the interests of persons who might be adversely affected by the BPO services, such as the BPO service recipient’s own customers, suppliers, users and licensees. Such interests can be addressed in the frameworks of relationship governance, risk management and compliance.

The Parties. This case involved parties claiming that KPMG LLP was liable to them as investors in limited partnership investments that were allegedly defrauded by convicted securities fraud Bernie Madoff. KPMG had audited the financial statements of the investment partnerships. KPMG had included an arbitration clause in the engagement letter that covered all claims from their services, or so it thought.

The Claims. The defrauded investors asserted four different claims against KPMG. Two were common law claims: negligent misrepresentation and professional malpractices. Two arose from statutes intended to protect claimants, but none of those claimants were signatories to the engagement letter: violation of the Florida Deceptive and Unfair Trade Practices Act (FDUPTA) and aiding and abetting a breach of fiduciary duty. All the claims are based on the same alleged facts, that KPMG allegedly failed to use proper auditing standards that proximately led to substantial misrepresentations about the financial condition of the investment funds, resulting in investors’ losses.

“Derivative or Direct?” Whose Claims Are Covered by the Agreement to Arbitrate? The Court reviewed the question whether the arbitration clause could only be enforced if the plaintiffs’ claims were “derivative” (subordinate, arising out of the services that KPMG performed for the investment partnerships that were KPMG’s clients and therefore subject to arbitration). Applying Delaware law, the Court of Appeal for the Fourth Circuit concluded that the claims of negligent misrepresentation and violations of FDUPTA were direct, not derivative, and therefore could be asserted directly by the investors. Unless the claimants have agreed to arbitrate, “direct” claims are not arbitrable. That Court of Appeal affirmed the trial court’s denial of KPMG’s motion to arbitrate.

The Supreme Court concluded that the characterization of claims as derivative or direct is a matter of state law. That was not in dispute.

Limitation on Trial Court Discretion in Deciding Which Claims are Direct (and thus Outside the Arbitration Clause) and Which Are “Derivative.” The Supreme Court revered and remanded that lower court’s decision because the lower courts had rejected KPMG’s motion to compel arbitration of those claims that were covered by the arbitration clause. In short, the lower courts had wrongly decided that, if two of the four claims were NOT arbitrable, then none of the claims were arbitrable. The Supreme Court held that the lower courts failed to follow the plain meaning of the Federal Arbitration Act and a 1985 precedent, Dean Witter Reynolds, Inc. v. Byrd, 470 U.S. 213, 217 (1985), by their failure to “examine a complaint with care to assess whether any individual claims must be arbitrated,” when a complaint contains both arbitrable and non-arbitrable claims. Slip Op., at p. 4.

Lessons for Outsourcing. Outsourcing contracts are very similar to the KPMG audit services agreements. The parties agree to arbitrate all disputes arising out of the agreement. Any “direct” claims by customers or users of the services are independent of the arbitration clause and thus subject to direct litigation in courts.

Value of Arbitration. A well-drafted arbitration clause offers many benefits:

shield the parties from the publicity of their dispute;

obtain a neutral decision under well-administered scheduling process;

escape from the whims and attitudes of a jury that is not sophisticated and generally may consider non-business, maybe non-legal, sentiments rather than what is “commercially reasonable”;

confidentiality enables some more avenues for negotiated resolution, without judicial supervision of the settlement;

become enforceable not only in the United States, but in other countries that are parties to arbitral enforcement conventions.

In global sourcing, reputational damage can arise from publicity of a dispute, so the confidentiality has some benefits for each party.

Shared Risk Management. Early “master services agreements” shifted to the service provider the responsibilities for risk management and compliance. Some commentators (such as Kate Vitasek, a professor in University of Tennessee) suggest that a partnership approach can mutually reduce individual and collective costs and liabilities in risk management and compliance. The KPMG v. Ciocchi decision invites providers and recipients of global services to implement effective communications and joint decisions, and to reduce potential liability to third parties. In the KPMG situation, however, the service recipient (managers of limited partnerships as investment funds) had no knowledge of the “professional standards” for auditing, and thus did not really care, or had no incentive, to share, in the risk management issues facing the “professional services provider” (auditors).

Professional Services: GRC Challenges for “Professional Services.” The KPMG decision also reminds licensed professionals such as architects, attorneys, accountants, engineers, auditors and other licensed professionals that “the buck stops here.” As is well settled under the Dean Witter Reynolds decision in 1985, such licensed professionals cannot escape statutory liability (and court litigation) from affected individuals even if their corporate client signs an arbitration agreement. So they need to consider the pricing impact of such potential liability, as well as the costs of defense where they could eventually win against the affected individuals (such as customers, users, licensees, employees of the client enterprise) who allege statutory rights, including potential punitive damages and “racketeering” triple damages.

Enterprise customers have an interest in the viability of their service providers. Clients of Arthur Anderson experienced significant lost time and lost value when Enron collapsed and the accounting firm “disappeared.” For the same reasons, outsourcing customers should respect the rights of service providers to limit liability and to participate in joint risk management and compliance activities. In short, transparency and effective relationship governance offer real value to both sides.

Service Providers. For BPO service providers, the KPMG v. Ciocchi decision is a wake-up call to identify, in due diligence, the risks of litigation with an enterprise customer’s downstream clients, users and customers under the “direct vs. derivative” dichotomy. If such risks exist, then BPO service provider may wish to discuss indemnification issues.

The BPO service provider can therefore raise the question whether it should be indemnified for claims arising from indirect users of those services, such as a bank’s customers, an insurance company’s insured policy holders, or a mortgage origination company’s loan applicants. Such an indemnification would not convert the “direct” claims into “derivative” claims, but would leave the service provider in the position of asserting an indemnification claim against its BPO customer. Assuming its customer is solvent, then the customer has assumed the liability of such “direct” claims, and the courts could then be asked to compel arbitration for all such claims if such BPO customer had obtained arbitration agreements from its own end-users or downstream customers.

Enterprise Customers. For enterprises purchasing BPO services, the KPMG v. Ciocchi decision highlights the need for adopting and implementing their own arbitration dispute methods in contracts with their own clients, users and customers. If the BPO service provider comes to you asking for an indemnification or a higher price, you will get the message. Maybe you can sidestep the issue by simply refusing to indemnify, since the enterprise is not responsible to its clients, users and customers for the wrongdoing of its BPO service provider for “direct” claims that escape arbitration under the Dean Witter decision. Or maybe you would be happy to pay a higher price to escape the indemnification. Or you might reject the BPO service provider as an eligible vendor. These issues can be explored in the “assessment” and “selection” processes.

Impact of KMPG Decision on BPO Governance Models for Dispute Resolution and Relationship Governance. Whatever its negotiating position, the enterprise customer needs to adopt risk management strategies that address its potential vicarious liability that might arise from an insufficient legal structure for relationship governance or a failure to actually track and implement a robust governance process. In short, the enterprise customer has potential vicarious liability to its own customers, clients and users under principles of respondeat superior and negligent supervision. The enterprise customer may mitigate its potential liability by obtaining insurance coverage and indemnification for willful misconduct and gross negligence of the BPO service provider. But respondeat superior and negligent supervision apply to cases where the enterprise customer failed to “manage” and “oversee” the BPO service provider’s ordinary negligence. All this invites further discussion at the planning stage.

Risk Management Practices. Each party needs to identify and address issues that relate to the use of arbitration (or, alternatively, litigation in court) by contract.

Filed under: Newsletter Article
Tagged: arbitration, BPO service provider, derivative claim, direct claim, enterprise customers, Federal Arbitration Act, governance, GRC, indeminifcation, indemnify, insurance, KMPG LLP v. Cocchi, Master Services Agreement, risk management, roles and responsibility, shared risk, vicarious liability

Belt and Suspenders, and From SOX to SOC’s: Changes in Service Audit Standards on the Service Organization’s Risk Management, Security and Process Controls

October 29, 2010 by Bierce & Kenerson, P.C.

It’s Halloween 2010. We’re spooked by “security controls from the dead” (or the moribund).

How do you know your service provider is providing a secure environment for processing your transactions? Do you trust your service provider? Can you certify your outsourcing relationship can withstand a shareholder lawsuit claiming you lack the necessary audit and control functions? Do you want a report on the description, design and operational effectiveness of controls at a service organization, and what do you get under current and future auditing, attestation and accounting “standards.”

SAS 70 Type II audits have become the de facto standard for publicly traded companies to meet their SOX 404(b) “audit and control” disclosure requirements. SAS 70 audits are big business for audit firms. Now, as the U.S. “generally accepted accounting principles” face convergence into new international accounting standards (IAS), enterprise customers risk losing familiar comfort letters. The emerging accounting standards suggest it’s time to think about “belt and suspenders” for security and process controls. This article considers the new approach to mitigating and managing risks through “control objectives” as “attested” in “service organization control” (SOC) reports for service organizations and subservice organizations in the services supply chain. This new approach comes into effect for fiscal years ending after June 2011. Important procedural details for the U.S. will be promulgated soon.

These changes in how “security” and “process control” are measured are certain to give a boost to consultants, auditors and lawyers. It will give shot in the arm to

o   business analysts, BPM analytics software designers and sourcing consultants, who make a living on assessing and mitigating risk;
o   sourcing lawyers, who make a living integrating, sharing and shifting risks in the global service supply chain; and
o   service auditors, who will pursue a different profile (perhaps more complex) for service audits and will also enjoy reduced risk of professional liability.

The New Standards.

International Standards. In December 2009, the International Auditing and Assurance Standards Board of the International Federation of Accountants adopted International Standard on Assurance Engagements No. 3402 (ISAE 3402) as an “attest” procedure for assessing service organizations’ compliance with IT and process controls. Unlike an “audit,” an “attestation” (or “attest”) involves an audit professional’s attestation to subject matter (or an assertion about something) other than the fairness of the presentation of financial statements. An attestation is less rigorous than an audit.

U.S. Standards. In April 2010 the AICPA’s Auditing Standards Board (ASB) issued Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. Unlike an audit (such as under Statement of Auditing Standards 70), SSAE 16 is an “attest” report.

New SOC’s for Old SOX. In anticipation of implementing SSAE 16, the AICPA has adopted three new SOC’s to expand the scope of issues examined by CPA’s as service auditors. This helps companies gain more trust in service delivery processes. Under the SOC label, there are three separate categories of such service audits, designed to allow service organizations to meet specific needs. They are also intended to allow service auditors to refocus on niche risks.

SOC 1 Report – Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting.
SOC 2 Report— Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
SOC 3 Report— Trust Services Report for Service Organizations.

Value of Control Reports. The value of service audit reports depends on your role in the service supply chain.

Value to Service Organizations. Third-party reports on internal controls in service organizations describe the control processes in services provided by a service organization. Such reports give users information for purposes of assessing and address the risks associated with an outsourced service. If a service organization is compliant with SAS 70 Type II (or the new standards), the service organization has greater credibility that is essential to be able to meet the accounting and regulatory compliance needs of customers. Audits of service providers are necessary to a customer enterprise’s ability to certify that it has appropriate audit and control procedures to manage its business under Section 404(b) of the Sarbanes-Oxley Act of 2002.

Value to Users (Enterprise Customers). Users have been relying on SAS 70 Type II reports for comfort that their outsourcing contracts meet SOX 404(b) standards. However, the new “attest” reports will remove a layer of comfort for users, since the service auditors will not be exercising as much in the way of “critical judgment” and “we could have done better” analysis as under SAS 70 Type II. In short, the user will now have to exercise its own judgment of the acceptability of the “attest” reports and maybe ask for special “attest” report on user-defined “control objectives.” Users will now have to rely more on the service organizations to do the risk analysis, and the users will need to spot gaps in the service organization’s risk analysis.

Control Objectives. Audit and control procedures identify “control objectives,” that target identified risks and seek to mitigate or control such risks. The outsourcing customer needs to understand the scope of the control objectives, since these are generally defined by the service provider. Traditional “control objectives” include security, change management, data integrity, completeness and timeliness. If the customer has any special needs, it needs to get a special “control report.”

Service Organization’s Definition of Control Objectives. Under the new regime, it is the service organization’s responsibility to identify “the risks that threaten achievement of the control objectives stated in the description of its system, and designing and implementing controls to provide reasonable assurance that those risks will not prevent achievement of the control objectives stated in the description of its system, and therefore that the stated control objectives will be achieved.” SOURCE: ISAE 3402, Para. 13(b)(4). In other words, the service provider needs to define the risks it faces and how it plans to mitigate those risks.

From the enterprise customer’s perspective, such analysis should confirm existing documentation and procedures in existing business continuity plans (“BCP”) or disaster recovery plans (“DRP”).

User–Defined Control Objectives. This is a tremendously valuable sales tool for service providers. However, enterprise customers need to know whether their own legal environment needs any different control objectives. This means that outsourcing customers need to identify “every aspect of the service organization’s system that each individual user entity and its auditor may consider important in its particular environment.” SOURCE: ISAE 3402, Para. 17(c).

Downgrade: From “Audit” to “Attest.” The change in 2011 from SAS 70 audits to SSAE 16 “attest” procedures will reduce the professional liability of auditors from high-value, high-risk audit services by converting their role to that of an “attest” function. In an “attest” function, the “auditor” (inspector) does not “audit” all material processes and functions, but merely relies upon the service provider’s assertion that its control system works in the manner described by the service company’s management.

Thus, under SSAE 16 and ISAE 3402, the auditing profession only checks on management’s description. The higher level of “audit” is reduced to merely to “attest” to what management describes. The new objectives of the “attest” inspection are limited to “attest” whether:

o   The service organization’s description of its system fairly presents the system as designed and implemented throughout the specified period (or in the case of a type 1 report, as at a specified date).
o   The controls related to the control objectives stated in the service organization’s description of its system were suitably designed throughout the specified period (or in the case of a type 1 report, as at a specified date).
o   Where included in the scope of the engagement, the controls operated effectively to provide reasonable assurance that the control objectives stated in the service organization’s description of its system were achieved throughout the specified period. SOURCE: ISAE 3402, Para. 8(a).

For Type 2 assessments, the report will provide assessments of whether:

a. The service organization management’s description fairly presents the service organization’s system as designed and implemented throughout the specified period;
b. The controls related to the control objectives stated in the service organization’s description of its system were suitably designed throughout the specified period; and
c. The controls related to the control objectives are operating effectively as stated in the service organization’s description of its system. SOURCE: ISAE 3402, Para. 9(k).

The key element is the “assertion-based engagement,” requiring the service organization’s management to describe their control objectives and procedures.

Audit Period vs. Audit Point. The new SSAE 16 rules will make some changes in the period covered by the assessment. In a Type 2 assessment under SAS 70, the description of the service organization’s control system was determined as of a specified date, rather than for a period. In a Type 2 assessment under SSAE 16, the description of the service organization’s system and the service auditor’s opinion on the description will cover a period (the same period as the period covered by the service auditor’s tests of the operating effectiveness of controls). SOURCE: AICPA.

Carve-Outs v. All-Inclusive Process Audits: Downgrade the User’s Rights in “Subservice Providers.” In the service supply chain, an outsourcing provider might subcontract some services to a “subservice provider.” In the new “attest”-based “assertion-reliant” assessment of controls, the outsourcing service provider can choose between an all-inclusive assessment (that includes subservice provider controls) or a “carve-out” assessment (that expresses no opinion on the suitability of design of controls or the operational effectiveness of subservice provider controls. Buyers of outsourcing services should know the difference and get assessments to cover the entire outsourced function. This issue arises at all sub-levels in the service supply chain.

Service Auditor’s Reliance on Service Provider’s Description and Representation Letter. The new accounting standards allow the “auditor” (“attest”-based inspector) to rely upon the service organization for a description of the control objectives and particular mandates. The service organization thus must specify the source of each control objective, such as by a particular law or regulation, or by another party (for example, a user group or a professional body). In essence, this shifts to the service provider a duty to define its regulatory environment by name and thus allows the assessment report to say there is “reasonable assurance” that the service provider complies with that legal environment.

In addition, the service organization must provide, in effect, description of the types of services it performs (such as SOW’s), the transaction processing and procedures manual (including procedures by which transactions are initiated, recorded, processed, corrected as necessary, and transferred to the reports and other information prepared for user entities), transaction reporting manuals). This approach reflects a maturity in the outsourcing industry, since every high-value service provider adopts such protocols as a core marketing strategy.

The service organization will now have to give a “representation” letter to the service auditor. This letter will disclose information that the auditor would normally have sought to identify using audit techniques. Such disclosures must include all information “of which it is aware” about:

(i) Non-compliance with laws and regulations, fraud, or uncorrected deviations attributable to the service organization that may affect one or more user entities;

(ii) Design deficiencies in controls;

(iii) Instances where controls have not operated as described; and

(iv) Any events subsequent to the period covered by the service organization’s description of its system up to the date of the service auditor’s assurance report that could have a material impact upon the report SOURCE: ISAE 3402, Para. 38.

Effectively, as a matter of fraud prevention, the new accounting standards (“attest” standards) will shift liability from the service auditor (for negligent discovery of lapses in the control environment) to the service provider. This puts the liability where the cash flow is deep, not where it is shallow.

Service Auditor’s Reliance on Internal Auditor’s Function. The new “attest” standards will allow the service auditor to rely not only on management’s description of the processes, but also on the service provider’s internal auditors. In a Type 1 assessment, the service auditor does not need to mention whether it relies on the work of internal auditors. In the Type 2 assessment:

if the work of the internal audit function has been used in performing tests of controls, that part of the service auditor’s assurance report that describes the service auditor’s tests of controls and the results thereof shall include a description of the internal auditor’s work and of the service auditor’s procedures with respect to that work. SOURCE: ISEA 3402, Para. 37.

In short, the “independent” service auditor can rely, if tested for reliability, on internal audits for Type 1 assessments without disclosing such reliance. Only in Type 2 assessments must such reliance be disclosed. Even then, however, it is not an “audit” but merely a compilation of information received from the service organization and the application of some “attest” procedures to review that work.

Suddenly, outsourcing customers will now need to know more about how internal auditors work and whether there are any special requirements for the customer to investigate. It’s a new world, with customers needing to fend more for themselves in audit and control processes.
Investors will need to make further assessments of their own, based on the changes in the intensity and level of “assurance” that outsourcing will not encounter excessive risks to the portfolio enterprise as an outsourcing customer.

Belt and Suspenders: New Challenges for Enterprise Customers. SAS 70 audits might still survive by special request from enterprise customers. The new SSAE 16 / ISAE 3402 “attest” model will challenge enterprise customers to become more familiar with security, BCP, DRP and other core control issues directly. Enterprise customers can thus begin to prepare a checklist for deal documentation, including both “attest” assessment reports and function-specific documentation that the enterprise customer must evaluate. Attest will be the belt, and direct documentation review will be the suspenders.

“Attest” Reports in the Cloud: A Good Time to Stop the Music. This shift in service auditor roles comes at a time when global enterprises are increasingly exploring data virtualization, software virtualization, platform-as-a-service (PaaS) and software-as-a-service (SaaS). Cloud computing creates a “perfect storm” showing the weaknesses of an “attest-based” “audit and control” function under SOX 404(b).

The new “attest” rules will encourage service providers to use “carve-out” principles to exclude subservice organizations from the scope of such security audits. Certainly in Web-based public cloud services a “carve-out” approach is the only feasible one, since, in Internet-based services, an “all-inclusive” service audit model fails. It is inherently impossible to do a service audit of all possible servers on the Internet.

Steps to Take Now. Whether you are a service organization or an enterprise customer, it’s time for a review of your “audit and control” rights and obligations relating to outsourcing.

o Impact Analysis and Assessment. Analyze and understand the impact of the shift from SAS 70 to SSAE or ISAE 3402 upon your company’s process audits, as well as all service delivery and transaction reporting processes.

o The impact affects your entire service supply chain, including you, your service customers, your service providers and all subservice providers who support you directly or who support your outsourcing service providers.
o Discuss with your auditors the anticipated impact of SSAE 16 and ISAE 3402 on their own audit report, particularly whether they will want to make any exceptions to their fairness opinion.

o Requirements for Type of Report. Decide whether you want an “inclusive” or “carve-out” approach to reporting on process controls.

o Accounting and Compliance Criteria. Identify the criteria for your organization’s evaluation of the sufficiency of your service provider’s description of its processes and its internal audit functions.

o   Identify issues affecting design of the control objectives.
o   Identify evaluation criteria.
o   Identify gaps between:

o control objectives and the evaluation criteria.
o control objectives and the most recent risk assessments.

o Scheduling and Planning. Time your rollout according to when the new SSAE 16 standard will apply. Fiscal years beginning on or after July 1, 2010 are affected. Consider the benefits and costs of adoption of SSAE 16 on your costs, marketing, customer service delivery mechanisms, process and procedure manuals, recruitment and training procedures and on audit and financial reporting.

o Subservice Organizations: Identify Impact, Define Requirements. Evaluate subservice organizations under the new SSAE 16 (or ISAE 3402).

o   Explore their own compliance intentions.
o   Determine whether they will issue SOC’s, and which type.
o   Discuss what type of “description” they will issue to a service auditor.
o   Identify whether they will use a “carve-out” or an “inclusive” scope for service audit, and consider the impact on your organization and how to mitigate the negative impact of a “carve-out” or an “inclusive” report for Tier 1 suppliers but a “carve-out” report for Tier 2 (and N+2) suppliers in your service supply chain.
o   Consider how that will assist or impair your own marketing and compliance efforts.
o   Conduct a customer survey to determine your customers’ needs.

o Legal Review. Review your existing outsourcing contracts.

o Identify your audit rights.
o Amend your contracts to ensure you can obtain the type of audit rights and reports that you may need under the new “attest” models.

o Change Management. Engage in change management for audit as part of the global sourcing process.

o   Communicate with all key stakeholders internally and externally.
o   Changes in requirements.
o   Change in risk assessment process to take into account the new gaps and structures of SSAE 16 and ISAE 3402.
o   Changes in procedures.
o   Redefine internal and external roles and responsibilities.
o   Training of affected personnel.
o   Changes in manuals.
o   Changes in contract management procedures.
o   Develop a procedure for being “audited” and for requiring “audits” under the new “attest” standards.

Time to get started. Even before Halloween!

Filed under: Newsletter Article
Tagged: AICPA, Attestation, ISAE3402, risk management, SAS70, Service Audit Standards, service provider, SOC, SOX, SSAE16, subservice providers, Type 1 assessment, Type 2 assessment

Outsourcing Law & Business Journal™: April 2010

April 29, 2010 by Bierce & Kenerson, P.C.

OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.

Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com

Editor’s Note:

Three recent events conspired to produce our article about trade secrecy risks in this month’s newsletter; they were the conviction of a Rio Tinto employee in China, the signing of a mutual legal assistance treaty between the U.S. and Algeria, and the on-going investigations of hiring practices of tech companies, using non-competition covenants, by the U.S. Dept. of Justice. As a result, we are providing you with a checklist of questions that you need answers to before your company shares confidential business information during the course of contract negotiations. Read on…

Vol. 10, No. 4 (April 2010)
_______________________________

1. Managing the New “Trade Secrecy” Risks in Global Sourcing: Criminal Theft, Criminal Negligence, Espionage, Bribery, Antitrust and Cross-Border Law Enforcement. Trade secrecy risks arise whenever an enterprise shares confidential business information with a supplier, service provider, joint venturer or customer. Trade secrecy protection measures should be planned and implemented through appropriate non-disclosure covenants by the third party and possibly even its employees and others in the value chain. Current trade secrecy are reflected in three seemingly disparate events: the Rio Tinto employee economic espionage and bribery case in China, the U.S. Department of Justice’s investigation into the anticompetitive use of non-competition covenants (“non-competes”) by high-tech companies and the Algerian-U.S. Mutual Legal Assistance Treaty (“MLAT”).

These three current events suggest that both enterprise customers and their service providers take a second look at their current practices for protecting trade secrets. At the end of this article, we offer a series of questions that need answers before any kind of outsourcing – indeed, any cross-border data flow — can take place. Such questions offer a basic refresher course, with “James Bond-compliant” updates, on challenges of trade secret protections in global operations. For more on trade secrets, go to http://www.outsourcing-law.com/2010/04/managing-the-new-trade-secrecy/

2. Trade Secrets. Chinese Criminal Law, Article 219, imposes criminal liability for improper conduct relating to “commercial secrets.” The Criminal Law has only a vague definition of “commercial secrets.”….On March 25, 2010, the State-owned Assets Supervision and Administration Commission (“SASAC”) adopted regulations on commercial secrets applicable to approximately 120 state-owned enterprises (“SOE’s”)….The regulations were announced on April 26, 2010, shortly after the convictions of certain Rio Tinto employees of bribery and theft of commercial secrets. For the complete article, go to http://www.outsourcing-law.com/2010/04/trade-secrets/

3. Humor.

MLAT, n. (1) mutual legal assistance treaty; (2) milk-flavored coffee latte; (3) multi-legal aptititude test.

Trade secret management, n. (1) Hear no evil, see no evil, speak no evil; (2) keeping secret how you keep your secrets.

SOE, n. (1) state-owned enterprise; (2) social oriented environmenta; (3) sorry out of energy.

4. Conferences.

May 10-12, IQPC’s 7th Annual HR Shared Services and Outsourcing Summit, Chicago, Illinois. This event will be a gathering for corporate HR & shared services executives from companies across North America to exchange ideas, develop new partnerships and discuss the latest tools, technologies and strategies being employed in the profession to enhance departmental efficiencies and propel corporate growth. The event will focus on the most current topics in the HR shared services industry including metrics, automation, outsourcing, globalization, compensation & rewards, benefits and an overall focus on the new strategic role of HR shared services.how to tackle change management, analyze current and future projects and further develop the instrumental key areas within HR shared services. Visit their website at http://www.hrssoutsourcing.com/Event.aspx?id=270796 to register and get more information.

May 17-19, IQPC presents its Information Retention & E-Disclosure Management Summit, London, UK. This is Europe’s premier event in this field, designed to help you steer your organisation successfully through lawsuits and regulatory inquiries. Topics include:

Fast track your understanding of the Civil Litigation Costs Review: Hear directly from Lord Justice Jackson and engage in debate with our acclaimed international Judge’s panel
Develop a legally defensible and technically sound Information Retention policy with a multidisciplinary approach with insights from Debra Logan of Gartner plus Pfizer, and Kleinwort Benson
Reduce risk, cost, time and complexity of eDisclosure with critical updates on advances in technology
Ensure compliance by sanity checking your strategy with the FSA and ICO

For more information, visit their website at http://www.informationretention.co.uk/Event.aspx?id=262244i

June 6-8, 4th Annual IQPC Shared Services Exchange™, Austin, Texas, United States, an elite event for shared services executives who are looking to develop new strategy, solve challenges and source partners that will allow them to create efficiency and drive more value out of their shared services centers.

This event will continue IQPC Exchange’s ongoing tradition of offering cutting-edge, strategic networking and learning opportunities for senior level shared services executives, combining conference sessions, one-on-one business meetings and numerous networking functions to allow executives to speak with their peers. With pre-scheduled one-on-one advisory meetings and personalized itineraries, the Share Services Exchange™ provides the opportunity to create an agenda that directly reflect the goals and initiatives of participating executives.

To request a complimentary delegate invitation or for information on solution provider packages, please contact: exchange@iqpc.com, call 1-866-296-4580 or visit their website at http://www.sharedservicesexchange.com/

July 14-16, 2010. IQPC Presents Shared Services for Finance and Accounting, Chicago, Illinois. The SSFA 2010 Summit brings together leading financial shared services experts to network, benchmark and learn through keynote presentations, interactive roundtables, case studies and discussion panels. This program will help you improve internal accounting processes, maximize your efficiency with less resources, make smarter sourcing decisions, and drive continuous value through your financial services. For more information, visit http://www.sharedservicesfa.com/Event.aspx?id=314126

September 26-28, 2010. IQPC Shared Services Exchange™ Event, 2nd Annual, to be held in The Hague, Netherlands. Shared Service Centres have long been seen as the cost saving centre of HR, Finance & Accounting and IT processes, but with changing employment trends and global challenges facing organisations, how can SSC’s continually offer service value?

Unlike typical conferences, the Shared Services Exchange™ , which will be co-located with the Corporate Finance Exchange™, focuses on networking, strategic conference sessions and one-on-one meetings with solution providers. The Exchange invites strategic decision makers to take a step back from their current operations, see what strategies and solutions others are adopting, develop new partnerships and make investment choices that deliver innovative solutions and benefits to their businesses.

To request your complimentary delegate invitation or for information on solution provider packages, please contact: exchangeinfo@iqpc.com, call +44 (0) 207 368 9709, or visit their website at http://www.sharedservicesexchange.co.uk/Event.aspx?id=263014

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: wbierce@biercekenerson.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: wbierce@biercekenerson.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2010, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Filed under: Newsletter
Tagged: compliance, hiring practices, MLAT, NDA, non-competition covenants, Rio Tinto, risk management, state secrets, trade secrets

Outsourcing Law & Business Journal™: December 2009

December 23, 2009 by Bierce & Kenerson, P.C.

Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com

Season’s Readings (and Greetings) from Bierce & Kenerson, PC, Outsourcing-Law.com and our E-newsletter.
Holiday Greetings and welcome to this first edition of an exciting re-launched Outsourcing-Law.com™ website and e-newsletter! We want your feedback on the new Beta site as well as your contributions of content on international jurisdictions or legal issues in governance, risk management and compliance. Please contact us. See you in the New Year!

Vol. 9, No. 12 (December, 2009)

___________________________

1. E-Discovery and Legal Process Outsourcing: EDRM Process Design and Choices between Outsourcing vs. Insourcing

2. When is a Contractual Limitation of Liability Invalid and Unenforceable? American Public Policy Exceptions to Exculpatory Clauses in Telecommunications.

3. Humor.

4. Conferences.

_______________________________

1. E-Discovery and Legal Process Outsourcing: EDRM Process Design and Choices between Outsourcing vs. Insourcing. State and federal rules of civil procedure and emerging common law of the discovery process impose significant costs on businesses that are engaged in litigation. Pre-trial “discovery” serves to narrow the issues in dispute by forcing the disclosure of records, including electronically stored information (“ESI”) for judicial economy, to narrow the scope of disputed issues for adjudication (such as through motions for partial summary judgment, admissions and prior inconsistent statements), and to speed the actual trial process. E-discovery has become a daily challenge for the General Counsel, the CIO, the COO and the Risk Management Department. They face a choice of policies, procedures and technologies for insourcing (such as by using forensic software and employed staff) or outsourcing for electronic records discovery management (“EDRM”) in e-discovery. This article explores some of the differences between insourcing and outsourcing in terms of records management / EDRM, legal requirements for protection and production of electronic records, project management in forensic record examination, litigation readiness, knowledge management, risk management, ethics and legal compliance. To see the complete article, please click here.

2. When is a Contractual Limitation of Liability Invalid and Unenforceable? American Public Policy Exceptions to Exculpatory Clauses in Telecommunications. An essential element of risk management in any commercial contract for the sale of services or goods is the clause limiting the vendor’s liability. In the sale of goods, the policy limitations are set forth in the Uniform Commercial Code, which invalidates clauses that deprive the customer of an “essential remedy” or the clause is part of an abuse of a consumer under a contract of adhesion, and under the federal Magnuson-Moss Warranty Act and similar state laws. In the sale of services, the policy limitations reflect common law, which may include a judicial analysis of regulations and the fundamental nature of the relationship between the service provider and the enterprise customer.

A decision by a New York State Supreme Court judge in November 2009 highlights the limits on exculpatory clauses under American jurisprudence under principles of gross negligence, willful misconduct, “special duty,” breach of the implied covenants of good faith and fair dealing and prima facie tort. In addition, other legal theories – such as fraud, intentional interference with business relationship, negligent misrepresentation, breach of the implied duty of good faith and fair dealing and prima facie tort – might not be available to enterprise customers for a simple failure by the service provider to deliver proper accounting information relating to its services. Click here for the complete article.

3. Humor.

Legal Process Outsourcing, n. (1) everything legal but not done by a lawyer; (2) everything done by a lawyer but not legal in your jurisdiction; (3) everything non-legal but legal because it’s paralegal.

Contract, n. (1) an enforceable expression of the meeting of the minds; (2) a meeting of the wallets

4. Conferences.

January, 24-26, 2010, IQPC Business Process Outsourcing and Shared Services Exchange 2010, San Diego, California. This is an invitation-only gathering for VP and C-Level senior Shared Services and Outsourcing executives made up of highly crafted, executive level conference sessions, interactive “Brain Weave” discussions, engaging networking opportunities and strategic one-on-one advisory meetings between solution providers and delegates. With a distinguished speaking faculty from McGraw-Hill, Ingram Micro and Pfizer, amongst others, the seats at the 2010 Exchange are limited and filling up quickly. We have limited complimentary invitations available for qualified delegates for a limited time. Please give us your reference ‘Outsourcing Law’ when inquiring. There are solution provider opportunities also available for companies who want to be represented. You can request your invitation at exchange@iqpc.com, call at 1866-296-4580 or visit their website.

January 28-29, 2010, Global Services Conference, Jersey City, New Jersey. Through the entire episode of the global economic meltdown, the global outsourcing services industry has seen the rise of a group of suppliers who are redefining many traditional management practices; changing the long-standing model for contracting offshore services; collaborating with clients in new ways; and gaining more control over outsourcing strategies. This conference focuses on these changes in the global services model and the learning from this period. For more information, visit their website

February 22-24, 2010, SSON and IQPC 8th Procure-to-Pay Summit, Miami, Florida focuses on “Fostering Smart Partnerships to Optimize Cash Flow and Deliver Positive Business Outcomes from End to End.” This Summit is all about making the most of your smart partnerships to increase cash flow and improve business outcomes as companies move away from a reactionary mode toward sustainable practices. While we may not yet be out of the woods, so to speak, it is clear that the economic landscape in 2009 has created opportunities for companies to create new synergies with their P2P partners to help promote growth for 2010 and beyond. For more information, click here.

February 24-25, 2010, IQPC’s 3rd E-Discovery for Financial Services Conference, New York, New York. Learn the Best Review, Retention and Destruction Procedures to Cut Costs and Response Time During a Financially Troubled Economy. This event examines, from the unique perspective of high-level financial executives, how the challenges of each financial sector intersect with e-discovery proceedings and processes. View the complete program agenda at www.ediscoveryevent.com/finance.

March 22-26, 2010, SSON presents the 14th Annual North American Shared Services & Outsourcing Week, Orlando , FL. Here’s a sneak peek of new and enhanced features, which include:

Speakers from Top Companies:Aramark, Arbys/Wendy’s, AstraZeneca, Chevron, Coca-Cola, Conagra Foods, General Motors, Kellogg, Kraft, Microsoft, Monster, NASA, Northrop Grumman, Oakley, Perdue Farms, Schering Plough, Warner Brothers and more
G8: Global Sourcing Think Tank Eliminating the White Noise: The first ever neutral platform to help shape a common industry agenda in the US
Under the C-Suite Spotlight with Rene Carayol, An Exclusive Onstage CXO Interview : Board-room revelations regarding shared service & sourcing model strategy
New, Strong, Business Outcome-Focused Content : 8 content-intense tracks, from Planning & Launching and BPO Evolution to IACCM’s Contracting to Collaboration
Enhanced Annual Features: Quick Wins Energizers, Speed Networking, Blue Sky Innovation Room for Mature SSO’s, and more.

Please contact Kim Vigilia directly at 1-212-885-2753 or at kim.vigilia@iqpc.com with your special code IUS_OSL_#1 to get a 20% discount off the all-access pass. You can also visit the website at www.sharedservicesweek.com.

March, 25-26, 2010, American Conference Institute’s 4th National Forum on Reducing Legal Costs, Dallas, Texas. This essential cross-industry benchmarking forum gathers together more than 30 senior corporate counsel and legal sourcing managers responsible for cost-reduction success stories, as well as leaders from law firms who are pioneers in the alternative fee world, to guide those in attendance on the complexities of keeping legal department costs in check. Now in its fourth installment, this event also offers unique networking opportunities with senior practitioners in the field, includingin-house counsel across a wide spectrum of companies and industries. For more information, visit their website.

******************************************

FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2009, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.

Filed under: Newsletter
Tagged: contracting, Contracts, e-discovery, humor, Insourcing, Misrepresentation, outsourcing, risk management, sourcing

E-Discovery and Legal Process Outsourcing: ESIM Process Design and Choices between Outsourcing vs. Insourcing

December 21, 2009 by Bierce & Kenerson, P.C.

State and federal rules of civil procedure and emerging common law of the discovery process impose significant costs on businesses that are engaged in litigation. Pre-trial “discovery” serves to narrow the issues in dispute by forcing the disclosure of records, including electronically stored information (“ESI”) for judicial economy, to narrow the scope of disputed issues for adjudication (such as through motions for partial summary judgment, admissions and prior inconsistent statements), and to speed the actual trial process. E-discovery has become a daily challenge for the General Counsel, the CIO, the COO and the Risk Management Department. They face a choice of policies, procedures and technologies for insourcing (such as by using forensic software and employed staff) or outsourcing for electronic records discovery management. This article explores some of the differences between insourcing and outsourcing in terms of ESI records management, legal requirements for protection and production of electronic records, project management in forensic record examination, litigation readiness, knowledge management, risk management, ethics and legal compliance.

I. E-DISCOVERY AS A SUB-PROCESS OF RECORDS MANAGEMENT.

Record and Information Management (“RIM”) Policies and ESI Management (“ESIM”). The demands of e-discovery highlight the challenges of developing and managing effective governance policies and procedures for information of all kinds, including ESI, and the challenge of adopting and updating an ESI management (“ESIM”) plan for “business as usual.” The International Standards Organization has developed a records management standard (ISO 15489-1, at www.iso.org). ARMA International (www.arma.org) has identified eight standards for records and information management (“RIM”), namely, accountability, integrity, protection, policy compliance, retrievability/ availability, retention, disposition and transparency.

Memory-storage devices have proliferated, challenging the company’s records custodian. In addition to computers, there are cell phones, cameras (stand-alone or in cell phones), scanners, facsimile machines, USB “key” drives, backup hard drives and other storage devices. All pose a challenge for a fully compliant response to an e-discovery request.

Legal Requirements for Protection and Production of E-Records. Federal and state rules of civil procedure have evolved to include electronic records. See F.R.Civ. P. 26(b), 34 and 45 (subpoenas) and F. R. Evid. 901(a) (authenticity). State procedural rules have been adopted to implement the Uniform Rules Relating to Discovery of Electronically Stored Information issued by the National Conference of Commissioners on Uniform State Laws. [Copy available at http://www.law.upenn.edu/bll/archives/ulc/udoera/2007_final.htm]. Basic common law, statutory and civil procedure rules in e-discovery start with similar requirements:

Protection: preservation of ESI through a “litigation hold” to prevent inadvertent loss when a third party demand has been made, or it has become reasonably foreseeable that such a demand will be made, and ensuring that the in-house attorney’s instruction is actually implemented (for example, avoiding the inadvertent over-writing of storage and backup tapes).
Accountability: identifying the scope and “proportionality” of the e-discovery requirements in relation to the overall scope of the dispute.
Cost allocation: allocating costs that are reasonable to the producing party and costs that are unreasonable to the requesting party.
Cost management: using search terms and other cost-effective automated search technologies to get the reasonable or “agreed” coverage for the initial triage, fulfilling the approach that information technology can solve the problem of searching massive records databases using search technologies. See, e.g., Zubulake v. UBS Warburg, LLC, 2004 WL 1620866 (SDNY July 20, 2004, Judge Scheindlin) and other rulings in the same case, at 217 F.R.D. 309 (SDNY 2003), 216 FRD 280 (SDNY 2003) and 2003 WS 22410619 (SDNY Oct. 22, 2003).
Integrity (authenticity and identification of the e-record): identifying appropriate methods and procedures for ESI production, including the appropriate level and nature of legal supervision of forensic inspections, to ensure authentication under F.R.Evid. 901(b) by using circumstantial information such as the file access permissions, file ownership, dates when the file was created and when it was modified, other metadata and hash values for the record when copied to a forensic computer for analysis.
Accessibility: under the rules of evidence: identifying and managing risks of loss of evidentiary privileges by the mere use of electronic e-discovery tools and procedures.
Accountability for Non-Compliance: identifying the sanctions for culpable conduct, mainly, “spoliation” (intentional or negligent destruction of evidence) or negligent collection done by the record custodian rather than by an automated process, such as:

judicial issuance of an instruction to the jury that the jury may validly draw a “negative inference” (or “adverse inference”) from the fact that the offending party could not produce the normally available documents in support of its legal arguments, resulting in a conclusion that, if the “lost” or “destroyed” records had been introduced into evidence, they would have supported a negative conclusion as to disputed factual matters; and

judicial sanctions including an order to pay the reasonable expenses, including attorney’s fees, caused by the violation of discovery rules, where, for example, the adverse party incurred expenses to overcome the inability to access the “lost” or “destroyed” (spoliated) records.

Project Management in Forensic Record Examination. Within a holistic approach to ESIM, e-discovery tools and techniques can be identified along the continuum of “cradle-to-grave” (or more appropriately, “cradle to judge and jury”) progress. As a sub-process of electronic records management, an e-discovery process model can be used to identify the particular role or function of third-party software, in-house resources and an outsourcer’s resources. By looking holistically at the end-to-end chain of processes leading to satisfactory e-discovery compliance, under such a paradigm, the end-result, production and presentation of ESI, can be managed by effectively adopting either a total control at the “information management” level (when records are initially created and stored). The following is our own view of electronic discovery records management (“EDRM”) as a subset of an enterprise-wide holistic ESIM resource management paradigm for governance, risk management and compliance in e-discovery:

Litigation-Readiness: Converting “Business as Usual” IT into Information Management Operations for E-discovery. Information technology plays a strategic role in the enterprise’s ability to comply with e-discovery mandates. The enterprise’s legal department should team up with the IT department, the records management department and the line-of-business management to participate in the design – or re-design – of the enterprise’s information management operations and records management. E-discovery compliance features are now available through software that can troll the enterprise’s entire ESI, search for information according to a myriad of legal and business terms, technical parameters. In conjunction with the CIO and the records management department, the legal department can:

Gap Analysis: Conduct a “gap analysis” to identify which features are missing from those that are recommended or required under the applicable rules of civil procedure and common law, particularly those policies and procedures that involve data collection, classification, accessibility, storage, retention and destruction.
Strategic Access Plan: Develop a strategic access plan for the full life-cycle of “business as usual” and custody and control, including audit, of the company’s information and litigation-relevant information.
Process Design using an ESIM Paradigm: Apply the e-discovery records management sub-process of the enterprise’s holistic ESIM model to identify and segregate functions that will be performed by in-house or captive resources and those for outside legal counsel and outsourcing service providers.
Cross-Border Considerations: Integrate multinational and cross-border legal mandates into the design of the information technology and information management systems, at an early stage in the e-discovery process, to avoid breaches of foreign data protection and privacy laws when complying with U.S. judicial rules of procedure.
Integration of Internal and External Resources: Develop policies and procedures for use of outside litigation support services providers and an array of personnel and technology resources both domestically and internationally to fulfill e-discovery compliance mandates, without adversely impacting the ongoing business operations.

Litigation-readiness must be added to the selection criteria for new IT initiatives such as “cloud computing” (here, the “software as a service” model, not the “variable IT computing-power as a service” model), internal and external social networks, Twitter and internal and external collaboration platforms such as wikis, e-rooms and Google Wave.

Knowledge-Management Readiness: Managing and Protecting Corporate Knowledge. “Knowledge management” refers to policies, procedures and technology that enable an enterprise to capture, organize, identify, re-use and protect the confidentiality of its trade secrets. Knowledge management (“KM”) procedures must also enable the enterprise to distinguish among sources of confidential information that may be trade secrets, copyrights or patents of third parties (including “freeware” and “open source” software) as well. Accordingly, CIO’s must adopt KM planning strategies that, in conjunction with legal and compliance departments, also serve regulatory and legal requirements. The IT infrastructure needs to identify all such trade secrets during the e-discovery process so that, if disclosable, they are subject to non-disclosure and non-use under appropriate protective orders.

II. RISK MANAGEMENT

Risk of Spoliation by Employees and Contractors. According to one e-discovery service provider, a large majority of all corporate litigation is employment-related. If employees have access to change ESI, disgruntled or negligent employees pose a major risk of spoliation. Employees can unknowingly or intentionally destroy ESI evidence. Such actions can range from concealment (through downloading pirated software that deletes files on the employee’s web surfing history) to sabotage (actually deleting documents).

As a result, the legal department and the CIO need to develop IT-enabled solutions to prevent such acts. This article does not address this particular issue, but it highlights the need for appropriate design of the overall information management architecture as a preventive measure.

Risk Management. From the risk-management perspective, a proper defensive strategy will require an alliance between the company’s Legal Department, its Risk Management department and its IT department.

IT Role. The IT department needs to work with the Legal Department to ensure a proper chain of custody and proofs of authenticity.
Insurance. The Risk Management Department needs to help design and review the e-discovery process. Sanctions for spoliation have implications for coverages for directors and officers, employment practices, errors and omissions and general liability. The records manager needs to understand how the company’s Records Management (destruction) Policy meets e-discovery requirements.
Legal Department. The in-house Legal Department must not only manage the e-discovery process. It must design and manage effective records management policies, educate all employees about the e-discovery process and its role in management of risks, knowledge and records.

III. BUSINESS MODELS: INSOURCING, CAPTIVES AND OUTSOURCING

Business Models for Insourcing. Before comparing outsourcing and insourcing, it is helpful to consider the different business models in which an internal e-discovery operation can be financed. These models can be summarized:

Infrastructure Investment in a Complete e-discovery Toolkit. At the “high end,” the enterprise can make a capital investment in the essential tools of a fully “in-sourced” e-discovery operation. Such an investment will have significant payback for enterprises having a high volume of litigation with predictable volumes of e-discovery demands. Such enterprises will need to invest in all the people, process and technology necessary for the operation. If the operation is highly automated, it can be effectively managed onshore. If it requires substantial human review, part of the operation may be handled in offshore locations with remote access, security controls and other measures to prevent loss of confidentiality, competitive advantage and effectiveness. This leads to consider a captive e-discovery service delivery center. In this case, outsourcing can be a viable solution for that portion of the e-discovery process that requires supervised human review and analysis.
Pay-Per-Use Pricing. Where litigation is more volatile in terms of volume and timing, a “pay-per-use” pricing for insourced use of third-party technologies can prove cost-effective. This pricing model provides some benefits to enterprises that have very few litigations, but a large volume of ESI for assembly, analysis, protection and disclosure.
Consumption-Based Pricing. Consumption-based pricing reflects the volume of ESI being sorted and analyzed. This pricing model provides benefits for enterprises that want to allocate litigation costs to individual lines of business or affiliated companies, as a charge-back accounting principle that effectively rewards litigation-free business managers for staying away from the judicial system.

Relative Advantages of Insourcing.

Industries Affected by Persistent Litigation. Several software tools exist that allow in-house counsel and the CIO to conduct the full forensic discovery using staff employees. Internalization of the discovery process makes economic sense where the company is constantly involved in litigation. Such companies typically include insurance companies, banks, consumer products manufacturers, and can include food service chains and franchisees. Other companies that are subject to class action claims for torts or securities law violations can fall into this category as well, impacting virtually any publicly traded company that has a volatile stock price.
Control of Records Management; Cost Management. Software and IT services companies argue that insourcing can significantly reduce the costs of e-discovery. They argue that, by taking control of the forensic search, collection, analysis and processing of a company’s electronic records, companies have more flexibility and control over the manner in which these critical discovery processes are conducted. This control can translate into cost savings by enabling a closer supervision on-site by the internal lawyers.Cost savings must be compared to comparable external services.Cost savings that might arise from an easier ability to make small changes in the search criteria, for example, may result in a loss of the hard-wired “e-discovery plan” that serves as the basis of justifying to the court that the discovery disclosures comply with civil procedure to locate and disclose all relevant records.
Protection of Trade Secrets and Intellectual Property. Insourcing, or using captives, can provide a significant level of additional protection for knowledge management, trade secrets and intellectual capital. Such protection comes at the cost of maintaining internally controlled resources. Outsourcers will claim that their security levels are higher than those in many global enterprises. Outsourcers offer personal non-disclosure covenants by individual employees. But there is always a risk, whether through insourcing or outsourcing, that the personnel having access to trade secrets, for example, might abuse their positions of trust through tipping a securities investor, selling the ideas to a competitor of the enterprise or other tortious conduct. Even a non-disclosure agreement does not constitute a valid non-competition covenant, and even non-competition covenants are unenforceable as a matter of public policy unless strictly limited in time, territory and scope, and (in California and some other jurisdictions) they may require additional payments of consideration. In short, neither insourcing nor outsourcing appears to have a clear advantage in this field, except that e-discovery managers who are employed by the enterprise might offer an advantage by having ongoing knowledge of what is (and is not) a trade secret for faster, better, “cheaper” claims to a protective order.
Effectiveness of Coordination and Collection of ESI. The use of skilled internal people who know the company’s operations may be able to provide better collection and coordination of ESI. However, “professional” e-discovery service providers may have the advantage in skills at the beginning as the company’s internal personnel become familiar with the processes and technology of e-discovery. Hence, insourcing might follow outsourcing until the processes can be internalized.
Reduction of Risks of Noncompliance with e-discovery Rules. Well-trained, well-supported internal personnel might be able to reduce risks of non-compliance in the typical e-discovery process.

Relative Advantages of Outsourcing e-discovery. Outsourcing of e-discovery processes may be costly, but it may be the best solution for several reasons. This requires an analysis of the relative merits. This “gating analysis” should include appropriate considerations of staffing, quality, ethical risks and speed.

Staffing. One of the key benefits of outsourcing, and one of the key parameters in selecting the right outsourcing service provider, is the service provider’s staff. The best outsourcers have developed a methodology for human capital management in the specialized field of e-discovery and related disciplines. The outsourcer designs a service delivery platform, recruits, trains and tests its staff in generic functions (including project management, information technology and security) and then offers this staff for custom-training on the litigating company’s particular process and e-discovery requirements.Using a business company to provide litigation support can run afoul of ethics and disciplinary rules applicable to the litigating company’s (or its law firm’s) lawyers. Law society rule in England will be changed if and when a pending draft law is modified to permit competent non-lawyers to perform tasks that might be considered the practice of law. Under applicable ethics opinions of the American Bar Association and various city and state bar associations, the in-house lawyer or outside law firm cannot escape certain core ethical duties:

to supervise the work of the outside service provider;

to avoid assisting in the unauthorized practice of law (“UPL”)

to ensure the protection of client confidences;

to avoid waiving any rule permitting a claim of legal privilege (and to rectify innocent or mistaken disclosures, see e.g., Fed. R. Evid. 502);

to avoid conflicts of interest;

to protect against data loss, theft or other act or omission that might constitute sanctionable spoliation;

to comply with the rules of court relating to e-discovery and management of ESI at all stages.

Vendor selection involves finding the right fit for the particular litigating company’s legal, regulatory, compliance, privacy, legal ethics and security requirements.

Service Level Metrics and Quality Considerations. Few internal employees want to live by performance metrics. Outsourcers live by “guaranteeing” service metrics and other quality parameters.

Offshoring Issues. In considering an offshore captive or an offshore LPO outsourcing, the company’s lawyers must evaluate special cross-border legal issues.

Export Controls. By transferring any U.S. data abroad, the company may require a license from one or more branches of the U.S. government. While commercial information may be subject to a general export license that does not require any notification, filing or administration, some information (such as software or design information that may have dual civilian and military uses) may require a specific license. Similar issues arise where the company’s ESI includes trade secrets, pending patent applications and other information that is subject to a required export license.
Data Protection. Data protection rules under HIPAA and other legislation may apply to the data being processed. Foreign LPO service providers must ensure compliance.
Privacy. Privacy rights arise from many legal sources and different jurisdictions. Depending on the source of any personally identifiable information (“PII”), any transfer of company records to a foreign LPO service provider may violate applicable rules. This issue suggests a proactive approach in the design and implementation of the company’s overall information management systems.
Third-Party Consent. The information in a company’s database may include information that is licensed under restrictive disclosure conditions or where a third-party’s consent is required by an applicable law. Third-party consent may be required.
Client Consent. The information in a company’s data base may also require the client’s consent
Political Risk. Foreign service providers come with a suite of political risks that could impair service quality, timeliness of service, confidentiality and other custody and control issues for the ESI and the foreign nationals accessing such ESI.

IV. PROJECT MANAGEMENT

Most effective e-discovery procedures will require effective integration of internal and external resources. The design, planning, implementation, performance, intermediate re-balancing and supervision of all resources remain, of course, in the hands of the company, and, in particular, in-house attorneys. The Legal Department (which is ultimately responsible) may wish to consult with “outsourcing lawyers” not merely with litigation counsel on achieving a flexible, cost-effective, efficient design, vendor selection and supervision, review of compliance with ethics rules and project management.

Evaluation Process. Companies evaluating an LPO solution for e-discovery (or any other LPO) should therefore carefully explore all relevant implications, design the program for compliance and quality of service, address special issues involving any cross-border data flows and other commercial, judicial rules, legal and ethical requirements.

Project Management Roles. Each LPO project requires thoughtful and careful attention to ensuring that all responsibilities of the different parties are aligned with their roles. Within the outsourcing model, there is room for designing and allocating roles and responsibilities to give in-house attorneys control of the process so that they can manage the ethical responsibilities. The introduction of the LPO service provider raises new questions whether the cost-controlling measures will impair (or improve) the quality of the outcome. External lawyers could also manage the service providers.

V. BUSINESS MODELS

Business Models. Currently, most LPO e-discovery services are conducted under business models of insourcing (including contract attorneys), captives and outsourcing.
New Models. Over time, companies and their legal counsel will become more familiar with the tools, alternatives and strategies for effective LPO, including identifying and assessing risks and evaluating a risk-benefit matrix. With greater maturity in capabilities, new business models for identifying and managing e-discovery processes, tools and personnel may evolve. The impact of cloud computing, platform-as-a-service, software-as-a-service, virtualization of both servers and client computing and mobile computing will challenge enterprises and their technology and legal service providers to integrate a holistic and global ESIM process to incorporate the EDRM subset as “business as usual.”

Filed under: Newsletter Article, White Paper
Tagged: Accessibility, Accountability, Agreement, cloud computing, Cost allocation, Cost management, data protection, dispute resolution, e-discovery, ethics, Insourcing, integrity, Knowledge-Management, Memory-storage devices, outsourcing, Policies and ESI Management, privacy, Protection, Record and Information Management, risk management, sourcing

When is a Contractual Limitation of Liability Invalid and Unenforceable? American Public Policy Exceptions to Exculpatory Clauses in Telecommunications

December 21, 2009 by Bierce & Kenerson, P.C.

An essential element of risk management in any commercial contract for the sale of services or goods is the clause limiting the vendor’s liability.

In the sale of goods, the policy limitations are set forth in the Uniform Commercial Code, which invalidates clauses that deprive the customer of an “essential remedy” or the clause is part of an abuse of a consumer under a contract of adhesion, and under the federal Magnuson-Moss Warranty Act and similar state laws. In the sale of services, the policy limitations reflect common law, which may include a judicial analysis of regulations and the fundamental nature of the relationship between the service provider and the enterprise customer.

This court decision is a stark reminder that the autonomy of contracting parties is always limited by public policy. Enforceability of contracts thus must include contract planning and negotiation, express limitations on remedies and conformity to public policy exclusions that invalidate certain exculpatory clauses. This interplay sets the framework for risk allocation, contract pricing, performance standards, dispute resolution and competitive strategy for the enterprise customer and the service provider.

I. The “Special Relationship” among Telecom Carriers

The Duty of Connected Telecommunications Carriers to Each Other. In this case, Empire One Telecommunications Inc. v. Verizon New York Inc. (__ N.Y.S.3d ____, Nov. 2, 2009 NYLJ, p. 21, cols. 3-4), Justice Carolyn E. Demarest ruled that one service provider cannot rely upon its exculpatory clause when it has a special duty due to a special relationship with its customer. The decision goes beyond a simple analysis of claims that include gross negligence and willful misconduct, which have long been judicially viewed as exceptions to the normal rule that contractual limitations of liability are enforceable.

Historical Monopoly, Regulated for Competition. The Empire case reflects special character of telecommunications services as a regulated utility. In the Empire One case, Verizon and Empire One were competitors. By virtue of the historical breakup of the prior monopoly held by AT&T over a decade before, Verizon controlled the transmission equipment and lines that carried the telecommunications for Empire’s customers. Under the Telecommunications Act of 1996, 47 U.S.C. 151 et seq.), Verizon had a statutory duty to provide certain telecommunications services to competitors like Empire. Empire was a reseller of Verizon services. Empire was allowed by federal law to interconnect its own network (and other networks) with the Verizon network.

Implied Duties. Under the Telecommunications Act of 1996, Empire was entitled to control the business relationship with the ultimate consumer because Empire enrolled them as its customers and Empire’s own equipment delivered the final connection to the customer. Verizon was carrying calls that were originated with other carriers (such as but not limited to Verizon) that terminated using Empire equipment. Under the Telecommunications Act of 1996, as terminating carrier, Empire is entitled to bill the customer for the service and make a profit by charging the interconnecting carriers that originated the calls for using Empire equipment to deliver the “last mile” termination services. All calls are logged into the billing system of Verizon, since it acts as traffic controller. Verizon equipment, as the glue of the telecom system, is capable of providing information on date, time, origination and destination and the duration of calls as well as codes (LATA identifiers, a valid settlement code, a valid originating local routing number and other validation codes used in billing) that enables interconnecting carriers to bill each other for services.

Failure to Provide Billing Records. Empire complained that Verizon had manipulated the call records that it delivered to Empire by stripping essential information needed for Empire to bill other carriers. Empire alleged that Verizon rendered the call records “useless for the very purpose for which they are intended”. Empire complained that such omissions prevented Empire from determining the originating jurisdiction or the types of telephone calls (mobile, land-line), thus depriving Empire of the ability to charge the originating carrier for the termination services by Empire.

Damages. Empire alleged its losses from 2004 to 2008 were approximately $2,500,000 in lost revenue plus approximately $160,000 in payments to Verizon for unusable billing records covering over 15 million telephone calls. The Empire court provided a refresher course in the liability that a breaching party is deemed to assume. A breaching party “is liable for those risks foreseen or which should have been foreseen at the time the contract was made.” Ashland Mgt. v. Janien, 82 NY2d 395, 403 (1993), quoted at Empire, page 22, col. 1.

Elements of a “Special Relationship.” The decision focused on the conditions that established a “special relationship” between one telecom carrier to another that used its telecom transport facilities (the equipment and the lines) for a fee. The decision focused on the statutory structure regulating public utilities for the public benefit, which, the court held, supports a finding of a “special relationship” between the service provider with a monopoly over the billing records and the service provider that needed the billing records to bill other carriers. “Public policy as reflected in the regulatory structure would also mitigate against enforcement” of the exculpatory clause. The concept of “special relationship” has precedents under prior New York judicial decisions where a public utility fails to perform its duty to furnish reliable service.

Unequal Bargaining Power. Verizon argued that there is no “special relationship,” and therefore the exculpatory clause is valid, where the service contract was negotiated by two sophisticated parties who negotiated in a commercial setting. Rejecting this argument, the court ruled there was clearly an inequality in bargaining power between the two public utilities since, in this case, the terms were not actually negotiated. To promote the public interest under the Telecommunications Act of 1996, the court said, Empire as customer should be afforded the “protection generally due a consumer when dealing with a utility with monopolistic control of the desired service.”

Published Tariff Filing. The general public policy against exculpation of gross negligence and willful misconduct was also written into the particular tariff that Verizon had filed with the public utilities commission.

Service Provider’s Termination of Service following Unresolved Billing Dispute. Other precedents under New York law dealing with Verizon’s wrongful refusal to provision telecom services have ruled that Verizon is liable for consequential damages to a reseller of telephone services over lines provided by Verizon where (i) Verizon had billed and actually been paid for a telephone feature that it had not actually provided (a “billing error”), (ii) the customer stopped paying for the feature allegedly not provided, and (iii) Verizon cut off the reseller from its network for non-payment. The court allowed the reseller to pursue lost profits as consequential tort damages for gross negligence or willful misconduct.

II. Other Classic Causes of Action when the Service Provider Fails to Perform Proper Accounting Services for its Services Performed

Gross Negligence. Under New York precedents, “gross negligence” must “smack of intentional wrongdoing.” Kalisch-Jarcho, Inc. v. Cit of New York, 58 NY2d 77, 385 (NY 1983). Gross negligence evinces a “reckless indifference to the rights of others.”

Fraud. Fraud involves (i) a false misrepresentation as to a material fact, (ii) an intention by the defendant to deceive the plaintiff by such false misrepresentation, (iii) justifiable reliance by the plaintiff on the misrepresentation, and (iv) damages caused by plaintiff’s reliance. Empire claimed each of these elements but the court dismissed the fraud claim since fraud claims cannot be used to duplicate the same elements of a breach of contract, where the fraud claim was “collateral to the contract” and not based on the same facts alleged as to the breach of contract. A fraud claim is insufficient if it merely alleges that a misrepresentation of an intention to perform services under the contract.

Implied Duty of Good Faith and Fair Dealing. Under common law, there is an implied duty of good faith and fair dealing in the performance of contractual obligations. Here, Empire’s claim that Verizon breached this duty was dismissed since it was equivalent to a claim for breach of contract.

Tortious Interference with Business Relations. In the Empire case, Empire as CLEC customer claimed that Verizon as service provider had interfered with Empire’s business relations by its failure to provide the call data needed to enable Empire to bill its interconnect customers. This legal theory requires the injured party to allege and prove (i) the existence of the actual or prospective business relationship with a third party, (ii) the defendant, having actual knowledge of that relationship, intentionally interfered with it; and (iii) the defendant either acted with the sole purpose of harming the plaintiff or used means that were dishonest, unfair or improper, and (iv) the defendant’s conduct thus injured the plaintiff’s business relationship.

In the Empire case, this legal theory was unsupported. Empire was unable to validly claim that Verizon’s failure to provide interconnect customer billing information was directed to harm Empire’s customers, not merely to harm Empire. The court noted that Empire merely alleged that it was unable to invoice interconnect carriers for transiting its network due to the invalid and inadequate call records that Verizon sells to it. “Empire’s inability to bill these third–party carriers, however, would not induce these carriers not to do business with Empire.” Hence, Empire was unable to sustain a claim of intentional interference with business relationship.

Negligent Misrepresentation. Empire also claimed that Verizon was liable for consequential damages due to Verizon’s negligent misrepresentation. Such a claim depends on alleging and proving three requirements: (i) the existence of a special relationship or privity-like relationship that imposes a duty on the defendant to impart correct information to the plaintiff, (ii) the fact that the information was incorrect, and (iii) the plaintiff reasonably relied on the information to its detriment. It is a question of fact whether there exists a “special relationship” sufficient to justify plaintiff’s legitimate expectation that the information would be true and accurate. In this case, the tariff and the contract were worded in a manner that denied this type of special relationship to Empire.

Prima Facie Tort. Empire unsuccessfully alleged that Verizon was liable for “prima facie” tort, a unique common law tort theory under New York law. The requirements for alleging and proving such a cause of action include (i) the intentional infliction of harm, (ii) which causes special damages, (iii) without any excuse or justification, (iv) by an act or series of acts that would otherwise be lawful, and (v) that the disinterested malevolence was the sole motivator for the defendant’s harm-causing conduct. Empire failed to allege the last point, which it probably could not prove since reaping unfair profits is not an act of malevolence but rather an act of greed.

III. Lessons for Everyone

The Empire One decision was framed in the area of telecommunications and invoicing. Separate from the area of regulated public utilities, it offers nonetheless several practical lessons for structuring an outsourcing agreement:

Exculpation is Limited. Public policy exceptions for gross negligence and willful misconduct are implied in every contract, whether or not included contractually.
Mutually Agreed “Special Relationship.” A “special relationship” may exist, and the service provider’s exculpation might not be valid or enforceable, where the enterprise customer depends on the service provider to provision the service,
Mutually Agreed Consequences. As a contracting matter, the parties should identify the consequences if the service provider suspends service while there is a dispute over adequacy of its provisioning of services, over billing for past services and for the customer’s inability to obtain alternative services in the spot market without consequential damages.
F&A Services: Special Negotiating and Drafting Issues. Legal theories of fraud, intentional interference with business relationship, negligent misrepresentation, breach of the implied duty of good faith and fair dealing and prima facie tort do not give any remedy to the enterprise customer that loses revenue from an inability to use the service provider’s billing records to invoice its own interconnect customers. For “finance and accounting” outsourcing, this lesson means that inaccurate or insufficient accounting services need to be identified as a breach, and the quantum and conditions of “damages” for “direct damages”.

Filed under: Case Study, Newsletter Article
Tagged: contracting, Contracts, dispute resolution, enterprise customer, Gross Negligence, management, risk management, Special Relationship, telecommunications

“ObamaCare”: Promotion of Automation, Offshore Outsourcing and Job Losses; Penalizing Foreign Companies Based in Tax Havens (and Other Non-Treaty Countries)

November 16, 2009 by Bierce & Kenerson, P.C.

If enacted, President Obama’s healthcare reform would probably hurt domestic employment and accelerate automation, outsourcing and offshoring. It would change the economic incentives for keeping service industries in America. And it would hurt foreign-owned businesses whose ultimate parent company is based in a tax haven or other country that has no U.S. income tax treaty.

On November 6, 2009, by a paper-thin margin of 220 votes to 215, the U.S. House of Representatives passed the “Affordable Health Care for America Act,” H.R. 3962, the 1,990-page health care reform law that has been frequently called “ObamaCare.” If substantially adopted by the Senate and passed into law, the bill would impose significant new burdens on employers and self-employed persons.

Automate, Outsource, Offshore. As a result of the new mandatory taxes and/or health costs, American employers would be encouraged to automate processes, outsource many business functions to external service providers for more automation, and offshore many business functions. At a time when the U.S. unemployment rate is over 10%, this health care bill could permanently kill re-hiring in many service jobs that have been lost. It would encourage further globalization of American enterprises to establish foreign shared-service captives.

Taxing American Employers Encourages Export of U.S. Jobs. This version of ObamaCare would require every American citizen and lawful permanent resident (but not illegal immigrants) to enroll in a “qualified plan.” §§ 202 and 224. Every plan must be identical in coverages, except only for differences in co-payments and deductibles. § 303. If your employer fails to pay 72.5% of the cost of the “qualified plan” for individual plans (or a 65% share for your family coverage), your employer must pay an 8% payroll tax. § 412(b)(1). If you are the employer, your cost of hiring a U.S. employee would increase by at least 8% of the employee compensation. This would not affect independent contractors and consultants.

Part-time employees would be affected too. For part-time employees, the employer contributions are required in proportion of the average weekly hours of employment to the minimum weekly hours specified by the health insurance Commissioner for an employee to be a full-time employee. § 412(b)(3).

Small Business. Small businesses (with payrolls from $500,000 to $750,000 including owner salaries) would pay a lower tax in 2% increments for payrolls of $585,000 or more. § 413. If the small business has affiliates doing different businesses, they are aggregated for determining whether they get “small business” treatment. While small business might not consider offshore outsourcing, the House ObamaCare bill would encourage small business to automate and use independent contractors, staffing companies and outsourcing service providers domestically.

Taxation of High-Income Americans. The House ObamaCare bill would impose an additional 5.4% personal income tax on citizens and resident aliens earning $1.0 million per year (for married persons filing jointly), or $500,000 for individuals filing singly. This could be enough to encourage some high-earners to re-consider their personal tax planning and expatriation or non-residency for high-income years.

Hardships to Be Studied. The ObamaCare bill acknowledges that employer responsibility requirements may pose significant hardships. Yet it failed to take into consideration any special provisions for any employers by industry, profit margin, length of time in business, size or economic conditions (such as the rate of increase in business costs, the availability of short-term credit lines, and ability to restructure debt). Instead, the bill contemplates a future study of such hardships. § 416. The “hardships” listed do not include the impact of the ObamaCare system on the use of automation, outsourcing or offshoring.

Classification of Workers as Employees or Independent Contractors. The ObamaCare bill contemplates new regulations (in addition to existing tax and labor regulations) for “recordkeeping requirements for employers to account for both employees of the employer and individuals whom the employer has not treated as employees of the employer but with whom the employer, in the course of its trade or business, has engaged for the performance of labor or services” to “ensure that employees who are not properly treated as such may be identified and properly treated.” § 423(a). Existing regulations of the Department of Labor, the Internal Revenue Service and other agencies already address this issue. It will become a pivotal issue and encourage unemployed persons to set up new personal service companies or to work through staffing companies in lieu of permanent employment.

Individuals Taxed if Not Adequately Insured. For individuals who fail to purchase (or be covered by their employer’s purchase of) “acceptable” health insurance, the House bill would impose a federal income tax equal to 2.5 percent of a slice of income as especially defined in section 6012(a)(1)). § 501. Exemptions would apply to non-resident aliens, non-resident U.S. citizens, residents of U.S. possessions and religious conscientious objectors.

Collateral Targets: Foreign Business with U.S. Subsidiaries. Foreigner-controlled businesses would help pay for ObamaCare unless the controlling parent is in a treaty with a U.S. income tax treaty. The ObamaCare health “reform” would thus significantly increase the cost of doing business for foreign businesses that are not based in a country that has an income tax treaty with the United States. Amending U.S. federal income tax law (and bundling a tax provision unrelated to healthcare), the ObamaCare bill would require the U.S. subsidiaries of foreign-controlled companies to apply the normal 30% withholding tax on all deductible income paid unless an income tax treaty applies to the foreign-controlled parent company. “In the case of any deductible related-party payment, any withholding tax … with respect to such payment may not be reduced under any treaty of the United States if such payment were made directly to the foreign parent corporation.” Payments subject to withholding consist of passive income such as dividends, interest, rents and royalties. § 561, adding a new §894(d) to the Internal Revenue Code of 1986. The bill would apply to U.S. subsidiaries that are part of a “foreign controlled group of entities” that have a common parent that is a foreign corporation.

The U.S. currently has income tax treaties with 67 countries, including Russia, India, China and the Philippines. For the entire list, see http://www.irs.gov/businesses/international/article/0,,id=96739,00.html.

Foreign-controlled companies established in low-tax jurisdictions are targeted, including Aruba, Barbados, Bermuda, the British Virgin Islands, the Channel Islands (Jersey and Guernsey), Hong Kong and Panama. Formerly U.S.-based companies that moved their situs of incorporation from the United States to tax havens, such as Accenture did, will be directly affected.

However, the draft healthcare legislation would also have an impact on foreign businesses established in other industrial and commercial countries that provide significant levels of business process and IT services to U.S. enterprise customers. These countries include Brazil, Columbia, Costa Rico, Malaysia, Mauritius, South Korea and Taiwan. Companies in such countries that provide call center services, customer care and other remote offshore services would find that the cost of doing business in the United States is increased.

Conclusions. ObamaCare will cost American employers and American taxpayers. These costs will give a new comparative cost advantage to foreign service providers, assuming their ultimate parent company is based in a country with a U.S. income tax treaty.

Filed under: Newsletter Article
Tagged: business process, enterprise customers, healthcare reform, IT services, ObamaCare, President Obama, risk management, service providers, US

Tuesday, November 17, 2009 – Managing Knowledge, Compliance and Legal Risks in Sourcing of Global Talent

October 28, 2009 by Bierce & Kenerson, P.C.

Special Notice – Webinar on Sourcing of Global Talent

Managing Knowledge, Compliance and Legal Risks in Sourcing of Global Talent
Tuesday November 17, 2009, 11 A.M. – 12 Noon, Eastern Daylight Time U.S.

Speakers:

William B. Bierce, Esq., Bierce & Kenerson, P.C. – outsourcing lawyer
Larry Scinto, PA Consulting, Managing Consultant
Neil McEwen, PA Consulting, Managing Consultant

Agenda. This webinar will discuss the human capital management for the contingent workforce in our current economic climate. The speakers will address issues in designing a contingent workforce strategy, managing this contingent workforce, effective governance and the managing risks and legal issues that arise with the implementation of such a workforce. In this webinar, some of the questions that will be discussed are:

How do I put together an effective contingent workforce strategy to optimize my investment in contingent labor?
How do I ensure that my business customers are engaged in the case for change and buy-in to common technology, process, policy and governance?
How do I govern multiple providers and ensure effective performance and value for my investment?
What technologies should I be using to track provider/contingent worker utilization and performance?
How do I ensure that legal/regulatory/compliance risks are recognized and managed in all geographies where I operate?
How do I ensure that there is effective governance across the entirety of my contingent workforce?
How do I manage risk and compliance issues that arise through the implementation of a contingent workforce?

This webinar is by invitation only. To register, please click here.

Filed under: Webinar
Tagged: compliance, global talent, governance, human capital management, legal risks, Managing Knowledge, risk management

Shared Services in Lieu of Outsourcing: Offshore Captive Internal Bank

October 16, 2009 by Bierce & Kenerson, P.C.

Summary.

In making the classic “buy vs. build” decision in relation to services to manage sophisticated business processes, enterprises may elect to establish a captive enterprise to perform “shared services” for affiliates. The “shared services captive” is an alternative to buying outsourced services. But it is also an alternative to internal administration of a business process separately by individual departments, divisions or lines of business. Shared services captives can provide key advantages for diversified multinational enterprises, particularly as a cost-reduction technique when sales and sales margins might be eroding in a global economic downturn.

Captive Internal Bank.

Sony Corporation, the Japanese-based electronics and entertainment group, announced in June 2003 that it was planning a major expansion of intercompany banking services to help reduce financing charges and manage currency risks for all affiliates.

Cost Savings.
According to Sony’s managing director for Global Treasury Services, Mr. Hiro Kurihara (as quoted in an interview with the Financial Times), the London-based shared services operation will generate cost savings of approximately $30 to $40 million per year.

Risk Reduction.
In addition, Sony projected reduction of risks of changes in currency in connection with the settlement of intercompany transactions. Sony plans to offset foreign exchange risks with services — normally offered by money-center banks — of “automatic cashless settlements” and “automatic sweeping.” This requires investment in information technology and integration with others in financial services markets.

Centralization, Specialization and Scale.
Sony’s Global Treasury Services acts like a clearing bank for all affiliates. In this centralized function, the shared services affiliate can aggregate volumes of transactions that are generic, but whose handling requires specialized skills. As a result, economies of scale can reduce per-unit costs and increase focus on specialized transactions that internal financial executives in operating affiliates might not have, or might find difficult, time-consuming or costly to acquire. The Sony shared services affiliate reportedly manages 95% of the enterprise’s financial derivatives and exchange swap transactions.

Transition and Transformation.
The transition to an internal financial services captive is part of a global restructuring that will result in accounting charges of approximately $1.2 billion. Restructuring to include new, enhanced shared-services affiliates may help multinationals such as Sony to transform their services models by increased efficiency and cost management.

Integration with Insourced Transactions.
Establishment of a shared services affiliate requires careful attention to integration with other internal processes. The shared services affiliate must define its “services offerings” and enable managers in affiliated lines of business to use the services with minimal cost and delay. As a result, virtually all “shared services” are digitally integrated. The degree of integration may range from the use of telephones and e-mails to a web-enable Internet-accessible portal. As a result, shared service affiliates generally are purchasers of services and technology from third parties.

Integration with Outsourced Transactions.
Indeed, shared services providers may be the largest purchasers of outsourced transactions. For example, Proctor & Gamble was negotiating for a complete sale of its shared services affiliate to a global outsourcing services provider in 2002. When P&G was unable to obtain its desired sales price at for the services charges that it wanted, P&G chose instead to hire Hewlett-Packard to provide selective outsourced services to support its insourced “shared services” operation.

Advantages in Shared Services.

Shared services affiliates, or “captive” service companies, have many of the advantages of an outsourcing without any loss of ownership and control over business processes, technology, intellectual property and personnel. Shared services captives can develop and retain knowledge capital involving sophisticated business transactions that individual affiliates cannot acquire due to smaller volume of similar transactions. As the business process involved becomes more subjective and susceptible to business judgment, shared services captives retain an advantage over outsourcing because that very subjectivity might be a core competitive advantage and might not be scalable.

Risk Management in Shared Services.

Adoption of a “shared services captive” approach involves a number of risks that can be managed by treating the captive as an external service provider of outsourced services. Such techniques include:

adoption of “service level agreement” obligations, with financial incentives and consequences for failure, applicable to the management and employees of the shared services affiliates;
details concerning the integration of the captive’s services with those of the other operating companies or lines of business;
suitable insurance coverages;
suitable contracting procedures for outsourcing of certain perfunctory tasks of the shared services captive to independent outsourcing services providers;
human resources and intellectual capital management techniques for aggregation and accumulation of related processes and improvement in business processes, quality of service and optimal alignment with the key performance indicators of the core business’s mainstream operations.

Shared Services on the Continuum of Insourcing and Outsourcing.

In conclusion, shared services companies, or captives, perform roles that run along the continuum of fully vertically integrated insourced operations to a skeleton of core competencies supported by a network of outsourced operations. If a business process can be outsourced, it can also be insourced after the outsourcing. If it has been insourced, it could be structured more efficiently as a captive to look like an outsourcing. And once structured as an outsourcing, it could become a true outsourcing service provider to support non-affiliated customers, and could even be spun off to shareholders or sold to a strategic buyer. Thus, the captive shared services organization can mutate according to trends affecting customers, suppliers, corporate strategies, changing processes and changing marketplaces. In establishing internal captives, the lessons of outsourcing can improve performance and flexibility.

Filed under: White Paper
Tagged: Business Process Outsourcing, business processes, Cost management, outsourcing, risk management, service level agreement, service provider, shared services captive

Call Centers and Customer Relationship Management

October 16, 2009 by Bierce & Kenerson, P.C.

Thanks to Customer Relationship Management (“CRM”) software and low-cost, high-speed international telecommunications, a call center can be located anywhere in the world. While the legal issues in offshoring of any outsourced service can be complicated, the business issues are generally the same.

Who Should Outsource Call Center or CRM Functions?

Call centers connect your enterprise, its goodwill and operations, to your prospects and customers and, if you wish, even influencers of consumer behavior. Any high-volume consumer industry can benefit by outsourcing call center functions. These might include, for example:

health care
automotive
retailing
services to the household, such as oil and gas deliveries, electrical utilities and telecom providers
consumer electronics
wireless communications
financial services, including banking and brokerage
insurance
travel and hospitality
media

Scope of Services:

Since a call center can deliver any type of services that are capable of being done by telephone, enterprise customers need to classify the possible scope of services. This classification will suggest the key parameters for defining and achieving the intended goals of the call center. The following list is only an indication of some basic classes of outsourced call center services.

Customer Service and Support.
This type of service can be as simple as advising your customer about the information he needs from your data base, such as account balance, unpaid amounts, deadlines and credit balances. Or customer service can involve a complex decision tree involving a script that you prepare to determine your customer’s needs, complete an application or request for change of information, and execute your customer’s orders.

Technical Support / Warranty:
In helping your customers solve problems relating to your products or services, you want to be able to resolve all problems in the first call. Achieving high first-call resolution rates with lower per-call handle times can make a significant cost difference. To some degree, you remain responsible for success because of the way in which you plan the interaction based on manuals, scripts and decision trees. Technical support (or “telephone help desk”) can provide invaluable in retaining customer loyalty and avoiding costly product returns or service cancellations.

Sales, Bookings (travel reservations) and Customer Retention:
Your telesales department needs to convert inquiries into sales, and to retain customers upon expiration of subscriptions or upon other termination events in your customer relationship. Telesales are useful both at the beginning and the end of your customer relationship life cycle. As a tool for proactive outreach, customer retention programs can help sustain your bottom line.

Marketing Surveys and Research:
Outbound calling can identify potential customers, identify an existing customer’s interest in possible new products or services from your company and conduct inquiries about consumer preferences as to pricing and features of existing and new products. This can help your market positioning, promotional campaigns, product design, pricing and sales approaches. Outbound calling can also be used to clean up duplicates or stale information in your “old” data bases, validate existing information, for “data base scrubbing.”

We would welcome any suggestions to make our list more complete, and to identify any special needs that are suggested in the following list.

Ownership and Control Issues: Outsourcing vs. Captive (or “Shared Service Center”).

Call centers come in various shapes and types. You can outsource, or you can create your own foreign call center. Outsourcing is probably cheaper and faster to get started, but establishment of captive call centers can be achieved using external service providers to create the infrastructure, train the employees according to your requirements and help you manage the entire operation.

Criteria for Selecting a Call Center / CRM Service Provider.

Enterprise customers shopping for a call center or CRM service provider should identify key performance indicators (“KPI”) relevant to their industry. On a generic basis, enterprise customers should consider whether prospective CRM service providers offer any unique strategic insights that streamline operations, the strength of any IT-enabled data-driven relationships to your customers and, over time, the degree of continuous process improvement.

Countries.

Effective call centers are in Philippines, India, Ireland, Brazil, Mexico and Canada, are the typical suspects. Many foreign call centers will be integrated with domestic call centers for backup, problem escalation and culture-sensitive situations.

Legal Issues Affecting Enterprise Customers for Call Center Operations

Outbound Calls (from the Call Center to the Customer):
Outbound calls can be intrusive. For public policy reasons, such intrusions should be limited and targeted, as well as complying with applicable restrictions on calling. Legal issues in outbound calls include:

privacy of data and data protection
fair trade practices, including invasion of privacy, consumer protection and other local laws and regulations restricting access to the target customer or prospect
Force majeure, including terrorism, act of war and natural catastrophes
Currency exchange fluctuation
Termination conditions

Inbound Calls (from the Customer to the Call Center):

All Calls:
Any contact with a customer could build or harm your goodwill. Call centers needs to comply with the rules of etiquette as well as laws relating to abusive relationships.

International Outsourcing:
Offshore outsourcing contains a suite of unique risks. International risk management needs to be planned into the outsourcing contract and the methods of service delivery.

If you need any coaching, planning or legal advice, please let us know.

Filed under: White Paper
Tagged: call center, Customer Relationship Management, enterprise customers, outsourcing, risk management, service providers

Summary.

Captive Internal Bank.

Advantages in Shared Services.

Risk Management in Shared Services.

Shared Services on the Continuum of Insourcing and Outsourcing.

Who Should Outsource Call Center or CRM Functions?

Scope of Services:

Ownership and Control Issues: Outsourcing vs. Captive (or “Shared Service Center”).

Criteria for Selecting a Call Center / CRM Service Provider.

Countries.

Legal Issues Affecting Enterprise Customers for Call Center Operations

Publisher’s Blog