Codes of Conduct in the Outsourcing Environment: Practical Scenarios after Wipro Debarment and Raju / Satyam Fraud

Posted January 31, 2009 by   · Print This Post Print This Post

Implementing lessons learned from Enron and the Sarbanes-Oxley Act, “codes of conduct” have become an integral ongoing concern in supply chain management applicable to employees, suppliers, contractors, consultants, captive affiliates, outsourcers and joint venture partners. When a trusted supplier breaches that code of trust, the enterprise customer needs to identify available remedies and make informed choices about enforcing legal rights and effectively mitigating the risks. This article makes recommendations for best practices in risk management, business continuity planning, disaster recovery, and legal rights and remedies in case of adverse events associated with a breach of a code of conduct or code of ethics due to senior management fraud or innocent “improprieties” that were fully disclosed but not permitted. It takes inspiration from the Raju /Satyam fraud in early 2009 and the debarment of Satyam Computer Servers Ltd., Wipro Technologies and Megasoft Consultants from the World Bank list of eligible contractors for corrupt practices.

The apparently massive fraud by Satyam’s CEO B. Ramalinga Raju evokes new thinking about risk management in global services, outsourcing, captives and joint ventures. Preceding disclosure of this fraud, Wipro Technologies and Megasoft Consultants Ltd. had been barred by the World Bank from doing work with the bank’s headquarters. Wipro’s debarment is reportedly for four years after June 2007 for “providing improper benefits to bank staff,” while Megasoft was debarred in December 2007 reportedly for “participating in a joint venture with bank staff while also conducting business with the bank.” www.worldbank.org. In Wipro’s defense, its CFO Suresh Senapaty claimed, “If we knew about [the World Bank’s debarment policies], we wouldn’t have done it.” Wall St. Journal, Jan. 13, 2009.

Typical Ethical Issues. In the wake of the Enron scandal and the Sarbanes-Oxley Act of 2002 as a preventative framework for companies trading their securities in the U.S. securities markets, corporate codes of conduct have been widely adopted. In addition, the World Bank adopted its current Guidelines for Procurement under IBRD Loans and IDA Credits in May 2004 and revised them in 2006. The World Bank’s guidelines mandate ethical practices both during the procurement process and in performance of the outsourced contracts. “Improper”, corrupt, fraudulent, collusive or coercive practices violate the World Bank’s guidelines, which defined such practices as follows:

  • (i) “corrupt practice” [19] is the offering, giving, receiving or soliciting, directly or indirectly, of anything of value to influence improperly the actions of another party;
  • (ii) “fraudulent practice” [20] is any act or omission, including a misrepresentation, that knowingly or recklessly misleads, or attempts to mislead, a party to obtain a financial or other benefit or to avoid an obligation;
  • (iii) “collusive practice” [21] is an arrangement between two or more parties designed to achieve an improper purpose, including to influence improperly the actions of another party;
  • (iv) “coercive practice” [22] is impairing or harming, or threatening to impair or harm, directly or indirectly, any party or the property of the party to influence improperly the actions of a party;
  • (v) “obstructive practice” is
    • (aa) deliberately destroying, falsifying, altering or concealing of evidence material to the investigation or making false statements to investigators in order to materially impede a Bank investigation into allegations of a corrupt, fraudulent, coercive or collusive practice; and/or threatening, harassing or intimidating any party to prevent it from disclosing its knowledge of matters relevant to the investigation or from pursuing the investigation; or
    • (bb) acts intended to materially impede the exercise of the Bank’s inspection and audit rights provided for under par. 1.14 (e) below.
      ——————————————————————————–
  • [18] In this context, any action taken by a bidder, supplier, contractor, or a sub-contractor to influence the procurement process or contract execution for undue advantage is improper. Source: www.worldbank.org.

What Remedies for Breach of a Code of Conduct? A well-crafted outsourcing contract might provide remedies such as termination for breach, but as a practical matter the customer might have nowhere to go for at least three months and then would have the costs of transition after termination, re-sourcing and the loss of competitive pricing from the terminated deal.

So what can be done?

Classifying the Events. The enterprise hiring an outsourcer to contract for business process services needs to classify the “adverse event”, identify how it fits into the contract paradigm and then make educated strategies to prioritize and managed the new risks associated with the adverse event. Some “bad acts” are worse than others.


Change of Control. In January 2009, India’s Central Government stepped in to remove the entire board of directors of Satyam Computer Services Ltd. when the Chairman and CEO B. Ramalinga Raju confessed to a $1 billion fraud. American observers, thinking Sarbanes-Oxley and shareholder lawsuits were the only framework for dealing with a breach of trust, were surprised to learn that this triggered a little-used statutory right to remove the entire board of directors. Thus, the government relied upon Section 388B of the (Indian) Companies Act, 1956. The statute allows the Central Government to refer a case to the Company Law Board against directors or managers where circumstances suggest breach of trust, fraud, misfeasance, persistent negligence, failure to conduct business “in accordance with sound business principles or prudent commercial practices,” where the operations would cause systemic “serious damage” to the relevant trade or industry, or “in a manner prejudicial to the public interest.” (This needs to be read with Sections 388C, 397, 398 and 401 of the Companies Act, 1956, according to information suggested by Zia Moody and Bhavi Sanghvi of AZB Partners. Thank you.).

Does the government’s replacement of the board constitute a “change of control” where the government (upon a determination by the Indian Company Law Board) always has the right to do so? The company remains owned by the same shareholders, who retain the right to vote for the board when the government’s intervention ceases. So maybe the “change of control” clause does not cover this issue.

Certainly a “change of control” clause that is narrowly drafted will not give any remedy to the enterprise customer. Thus, where a “change of control” gives no remedy unless a competitor of the enterprise customer acquires control, the customer has no remedy.

Force Majeure. In a typical case of force majeure, the service provider’s failure to deliver services is excused when there is a governmental act. Where the service provider continues to perform according to the statement of work and all services, there would be no force majeure. Where there is a breach of performance obligations, the force majeure clause might not give adequate remedies if there is a significant delay between the event of force majeure and the remedies associated with it, including termination. During this hiatus, the enterprise customer has no remedies.

There are arguments that governmental intervention to replace management is not an act of force majeure since it does not prevent the service provider from delivering service. Rather, it only changes the service provider’s internal organization. Force majeure clauses rarely address such events.

The argument that replacement of management constitutes a force majeure event might have some basis where the governmental action deprives the service provider of the capacity to perform. This might occur if the government were to mandate a forced marriage of the affected service provider with a third party and the third party effectively prevents performance of services.


Unauthorized Assignment. Outsourcing contracts usually prohibit assignment by the service provider. In the absence of a “change of control” clause that fits, no assignment occurs where there is no change in control and no change in legal form.

Realistic Remedies. As a practical matter, exercising legal rights after a breach may not achieve the desired level of security.

Severity of the Ethical Breach. On January 11, 2009, the World Bank Group disclosed the debarred entities “in the interest of fairness and transparency.” ( click here for full article). If the contractor was engaged in a breach of ethics, the duration of debarment might be shortened if the contractor demonstrated a corporate compliance program acceptable to the World Bank and purged its past misconduct. In the outsourcing context, enterprise customers might similarly consider corrective actions taken by their service providers before leaping to terminate. In such cases, renegotiation may overcome the past impropriety.

Pulling the Trigger. When terminating any relationship, take proper aim, or you will shoot yourself in the foot. Termination cannot be undone and results in waste.

Best Practices. The Raju / Satyam fraud case underscores the need for balance in practical and legal risk management. The Wipro and Megasoft ethical lapses might have been unintended, but corrective strategies would be appropriate in each case.

Practical risk management in global services requires a team to ensure ongoing business continuity. The customer needs to identify and address the risks of loss of access to the service provider through effective project management, documentation control, service audit, backup service providers, relationship management with teams across geographical boundaries, retention of know-how in both process design and implementation and, most importantly, self-help. Indeed, the customer’s own business continuity plan needs to deal with the risks of loss of a supplier due to real force majeure, not just the legalities of “change of control” or “breach of contract.” Ultimately, the customer’s business continuity plan will identify and prioritize the spectrum of risks involved in risks in outsourcing (and not outsourcing). Such risk assessment and the design and management of risk mitigation strategies will gain renewed attention after the Raju/ Satyam fraud.

Legal risk management now involves a greater transparency and a more detailed roadmap to exit strategies. The legal profession will craft new rights (with probably the same old remedies) to counteract the adverse consequences of a serious breach of trust by any senior managers of a global services provider. (I have a few new ones too). Business management and advisors should be very careful to understand that it might not be prudent to exercise one’s remedies, and that a new legal remedy could actually create new risks for the service provider (and the customer) in the form of cascading consequences.