International Outsourcing - What Happens After Satyam?
This month Xerox announce a data center outsourcing deal worth more than $100 Million over six years with huge Indian service provider HCL Technologies. Under this deal, HCL will manage Xerox’s disaster-recovery preparation and consolidate Xerox's data centers in North America and Europe. As American and European companies continue to seek the cost savings of offshoring their vital business processes, the recently admitted mega-fraud announced at Satyam Computer Services Ltd. does not seem to affect their risk tolerance.
Most executives would agree that running data centers and managing disaster recovery would be important jobs to trust to an outside offshore company, and a hundred million dollars worth of service should be seen as financially significant. So how does a company like Xerox mitigate those risks and justify its decisions to the SEC? Certainly, conducting financial audits and SAS 70 audits can help, but it is likely that Satyam had passed those same tests. The same is true for operational risks and data security risk. There is no substitute for putting shoes on the ground with the prospective outsourcing vendors, sending in trusted examiners to review the books, interview the workers and manually inspect the operations.
Most companies looking to outsource important business processes are seeking trusted partners to integrate into corporate functions. In the Satyam debacle, State Farm chose to terminate its relationship after the trust disappeared, while GE continued with their contract. But should the Satyam disaster bring greater scrutiny to all outsourcing vendors, and if so, how do client companies force higher standards of review into their agreements? Simply calling for audits and reviews that were not negotiated into the original contract is usually not well received by the vendor in these intricate relationships
Alternatively, a customer company could terminate the agreement for cause, if possible, and then renegotiate. Such brinksmanship contains its own dangers, especially in fields where trust is crucial. Gartner predicts that the costs of offshore outsourcing are likely to fall between 5% and 20% over the next two years, in part because of contract renegotiation efforts. Companies wary of another Satyam could apply their newfound negotiating leverage to reduce costs, to build more accountability into the agreement, or both. Pushing for the lowest possible outsourcing prices can be counterproductive to managing the relationship risks.
US companies in major business process outsourcing arrangements should be looking at their contract termination provisions. Since most parties do not anticipate spectacular financial fraud as part of the relationship, it is seldom well addressed in the contract. In other words, an outsourcing customer rarely builds into its agreement the specific right to terminate the agreement or to punish the outsourcing provider where the provider’s underlying financials were built on lies. Instead, a North American customer of such services will have to either: 1) pay a termination fee if it wishes to terminate for convenience in this case, or 2) find a way to fit the provider’s crime into a general trigger for a “termination for cause” in the Agreement.
The customer can hope that a financial fraud leads to a different kind of contract violation that can allow termination for cause. For example, the Satyam fraud led to a sale of the entire entity, so Satyam customers who had built “no assignment/no transfer” terms into their contracts may have a way of changing providers without paying termination fees. Those outsourcing customers without such luck will have to rely on the fraud to lead to a violation of the outsource providers service levels, or for the fraud to trigger a more general term of default in the agreement, such as capitalization requirement (rare in these agreements), a general requirement of honesty and fair dealing, or a warranty or condition precedent that the outsource provider’s pre-contract representations about itself were truthful.
Will the Satyam fraud impact risk mitigation requirements imposed by Sarbanes-Oxley or by industry regulations? It is too early to understand how the admitted fraud will drive U. S. regulators to tighten risk requirements, especially in the current political mood that favors increased regulations on corporate operations. However, regulated or not, companies looking to outsource business processes are now on notice that even the largest and most apparently solid of outsourcing vendors must be carefully checked in all operational and financial aspects, and appropriately monitored through contract.
-- Ted Claypoole
Most executives would agree that running data centers and managing disaster recovery would be important jobs to trust to an outside offshore company, and a hundred million dollars worth of service should be seen as financially significant. So how does a company like Xerox mitigate those risks and justify its decisions to the SEC? Certainly, conducting financial audits and SAS 70 audits can help, but it is likely that Satyam had passed those same tests. The same is true for operational risks and data security risk. There is no substitute for putting shoes on the ground with the prospective outsourcing vendors, sending in trusted examiners to review the books, interview the workers and manually inspect the operations.
Most companies looking to outsource important business processes are seeking trusted partners to integrate into corporate functions. In the Satyam debacle, State Farm chose to terminate its relationship after the trust disappeared, while GE continued with their contract. But should the Satyam disaster bring greater scrutiny to all outsourcing vendors, and if so, how do client companies force higher standards of review into their agreements? Simply calling for audits and reviews that were not negotiated into the original contract is usually not well received by the vendor in these intricate relationships
Alternatively, a customer company could terminate the agreement for cause, if possible, and then renegotiate. Such brinksmanship contains its own dangers, especially in fields where trust is crucial. Gartner predicts that the costs of offshore outsourcing are likely to fall between 5% and 20% over the next two years, in part because of contract renegotiation efforts. Companies wary of another Satyam could apply their newfound negotiating leverage to reduce costs, to build more accountability into the agreement, or both. Pushing for the lowest possible outsourcing prices can be counterproductive to managing the relationship risks.
US companies in major business process outsourcing arrangements should be looking at their contract termination provisions. Since most parties do not anticipate spectacular financial fraud as part of the relationship, it is seldom well addressed in the contract. In other words, an outsourcing customer rarely builds into its agreement the specific right to terminate the agreement or to punish the outsourcing provider where the provider’s underlying financials were built on lies. Instead, a North American customer of such services will have to either: 1) pay a termination fee if it wishes to terminate for convenience in this case, or 2) find a way to fit the provider’s crime into a general trigger for a “termination for cause” in the Agreement.
The customer can hope that a financial fraud leads to a different kind of contract violation that can allow termination for cause. For example, the Satyam fraud led to a sale of the entire entity, so Satyam customers who had built “no assignment/no transfer” terms into their contracts may have a way of changing providers without paying termination fees. Those outsourcing customers without such luck will have to rely on the fraud to lead to a violation of the outsource providers service levels, or for the fraud to trigger a more general term of default in the agreement, such as capitalization requirement (rare in these agreements), a general requirement of honesty and fair dealing, or a warranty or condition precedent that the outsource provider’s pre-contract representations about itself were truthful.
Will the Satyam fraud impact risk mitigation requirements imposed by Sarbanes-Oxley or by industry regulations? It is too early to understand how the admitted fraud will drive U. S. regulators to tighten risk requirements, especially in the current political mood that favors increased regulations on corporate operations. However, regulated or not, companies looking to outsource business processes are now on notice that even the largest and most apparently solid of outsourcing vendors must be carefully checked in all operational and financial aspects, and appropriately monitored through contract.
-- Ted Claypoole
posted by Womble Carlyle at 2:28 PM
0 comments
