Insider Theft of Trade Secrets in India: Employee of Captive R&D Subsidiary Accused of Source Code Theft (and What You Need to Know About Protecting Your Trade Secrets Abroad)

October 9, 2009 by

In a global economy, which risks are greater: theft of trade secrets by a service provider or theft of trade secrets by an employee of a foreign subsidiary?  How can a global enterprise contain such risks in either case?  The story of theft of source code by an employee of an Indian research and development center highlights the need for proper strategies for risk mitigation in the face of the inherent risks of human nature.

Indian R&D Center, Site of Source Code Theft.

On August 4, 2004, Jolly Technologies, a division of U.S. business Jolly Inc., publicly reported that one of its employees at its Mumbai, India R&D center had misappropriated key parts of source code being developed, along with confidential documents.   The trade secrets relate to one of its key products, labeling and card software for the print publishing industry.

Profile of a Thief and a Theft.

Jolly Technologies was new to India.  Its center was established only three months prior to the trade secret theft.   The employee alleged to have stolen the trade secrets was a new hire.  The theft was done by simply uploading the source code to her Yahoo account.

Consequences to the R&D Center.

Jolly reportedly shut down its R&D center immediately to assess and contain the damage.  It also sought assistance from Indian police to deal with the matter as a criminal act.  The company’s investment may be a loss, and it may need to expend further resources to prevent the use by its competitors and other third parties of any stolen source code.

Security Precautions.

The theft shows how simple it is for any person with Internet access to misappropriate trade secrets.

  • Data Export Controls on Internet Access.
    Internet access may be essential to virtually all knowledge-economy employees, so management may consider shutting off Internet access to be impossible.  The Affaire Jolly suggests that software development might need to occur in an environment that allows employees access to information but does not allow them to transfer certain types of information from a company computer to anyone via the Internet.   The advent of network administration software, XML metatags, HTML, virus sniffers and spam blockers may introduce technology that allows a company to prevent the transfer of source code to unauthorized Internet addresses.
  • Segregation of Function.
    Most software development projects start with modules and build into integrated suites of modules.  In the manufacturing sector, complex trade secrets may be protected by separating multiple manufacturing processes into separate functions and separating the component processes.  This can be done by either putting the component processes into different operations or by separating subassemblies from final assembly.  Software development could be structured similarly, though segregation of function reduces efficiency.
  • Background Checks.
    The new hire at Jolly Technologies might have been investigated for a possibly criminal background.  But background checks probably do not help with curious employees interested in studying stolen code or restructuring it for possible other purposes.

Legal Precautions.

The trade secret theft also highlights the weakness of national legal systems where, in the case of India, courts have historically taken a decade to decide civil disputes.  Whether establishing a foreign captive service subsidiary or hiring a foreign service provider, the legal environment and legal precautions are critical to risk management.

  • Statutory Protection for Trade Secrets.
    Most countries hosting R&D centers or outsourcing service centers are members of the basic international conventions on the protection of intellectual property.  Even China, by adhering to the World Trade Organization, now officially grants intellectual property rights under the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (“TRIPS”).  India has long been a member of the Paris Convention on Industrial Property and protects copyrights, patents and trade secrets.  As the Affaire Jolly demonstrates, it is not sufficient to have a legal right.  You need to have a credible forum for enforcing those rights.
  • Contractual Commitments.
    Well-advised enterprises require their employees by contract to abide by various policies and procedures, including respect for intellectual property rights and trade secrets of the employer and third parties doing business with the employer.  Contractual commitments are a basic requirement of any IPR protection.
  • Security Surveillance.
    Jolly’s security surveillance, by an internal audit, discovered the theft.  Pre-emptive security precautions cannot prevent fraud or theft, but surveillance can discover it.
  • Risk Mitigation after the Theft.
    After the horse has left the barn, how do you get it back into the barn?  In a global digital economy, the only solution might be to find some way to tag the digital works, just as ranchers did for their cows in the 1880’s.

    • Court Systems.
      Indian courts now have a commercial part that is intended to accelerate adjudication. It is not clear whether the Mumbai courts offer any real adequate forum, and even adjudication of civil liability does not automatically result in enforcement of a money judgment.  Access to court systems is so fundamental to investors and employers that the issue should become one of diplomatic entreaty (as the U.S. has done with China), investor due diligence, and recommendations by intermediaries such as trade associations (such as Nasscom and ITAA), venture capitalists, private equity funds and investors, and multinational enterprises and their advisors such as international business lawyers and business process and sourcing consultants.  Ratings on access to judicial systems should be part of the due diligence in all international operations.

Other Measures.

Insurance may be available, but the consequential loss may be too high for a fair premium.

Conclusion.

In captives and outsourcing, IPR protection needs practical and legal protections.  Blatant misappropriation will continue as a matter of human nature, so risks can only be mitigated.   Effective methods of mitigation will continue to evolve.  Technology and IP lawyers should be consulted before international operations are launched.

Human Resources Outsourcing: Employment Manuals as Basis for Exceptions to the Employer’s Liability for Wrongful Termination of Employment and Defamation

October 9, 2009 by

Summary.

Human resources outsourcing involves facilitation of the employer/customer and management of its human resources. This includes assistance by the HR service provider in avoiding or limiting the risks of litigation by employees who are terminated for matters arising out of breach of contract and other policy issues that could embroil the employer in statutory liability. This article addresses issues relating to wrongful termination of employment under New York law and defamation.

Wrongful termination.

Prerequisites for a Breach of Implied Covenant of Good Faith and Fair Dealing. It is well settled (under New York law) that, absent an agreement establishing employment of a fixed duration, the employment relationship is presumed to be a hiring at will, terminable at any time by either party. Gill v. Pathmark Stores, Inc., 655 N.Y.S.2d 623, 624 (2d Dept. 1997). Furthermore, New York law does not impose a duty of good faith and fair dealing with respect to the termination of an at-will employment agreement. See Nunez v. A-T Financial Info, Inc., 957 F.Supp. 438, 443 (S.D.N.Y. 1997).

Obligation to Pay Commissions.

However, in certain circumstances an employment at will contract will result in liability for the employer when the employer has failed to pay the agreed commission, provided that the commission is calculable and not merely discretionary. Wakefield v. Northern Telecom, Inc., 769 F.2d 109 (2d Cir. 1985).

Advice for Employers.

Upon hiring, the employer and/or its HR service provider should ensure that the agreements of employment or terms of employment for an employee of an employer governed by New York law specify the conditions under which any bonus or commission has been earned.

Breach of contract.

Most employers that are well advised have adopted a series of policies and procedures applicable to their employees’ operations. These may include:

  • a compliance program, which may require employees to be responsible for reporting violations of a code of ethics;
  • a code of ethics, which sets forth the culture and specific rules governing conflicts of interest and other issues of potential impropriety;
  • an open door policy, in which issues of concern to employees should be available for discussion with their supervisors; and
  • a discipline and discharge policy, which permits certain discussions and opportunities for improvement in performance prior to termination, following a series of verbal and written warnings.

General Rule:  Manuals Set the Rules.

The use of such written employee manuals and codes of conduct does not create a basis for an employee to file a claim for breach of contract, where the employee manual expressly preserves the right of the employer to terminate the employment at will.

An Employer’s Policy Manual

Whether a policy manual successfully sets the rules depends on what it says about the “at will” nature of employment.  In one case, the policy manual stated:

The policies and rules stated in this manual are intended as guidelines for company employees and managers, and do not create a contractual obligation. The company is an “at will” employer and can terminate an employee’s employment at any time without notice, for any reason, with or without cause, unless an employee has a written employee agreement or is covered by a collective bargaining agreement which expressly limits the company’s right to terminate the employee’s employment at will.  Mirabella v. Turner Broadcasting Systems, Inc. (___F.2nd ___, Judge Jones, NYLJ May 28, 2003, p. 24, cols. 2-5).

Location of the General Policy.

It is important to note that such limitation appeared under the table of contents and was therefore deemed to apply to all provisions contained in the manual, barring a claim for breach of contract based upon the terms of the manual.

Discipline and Discharge Termination by Employer.

In addition, with respect to the discipline and discharge provision of the manual, a reservation was significant in supporting the reserved right to terminate: the employer’s manual set forth a bold warning at the top of the page calling attention to the “at-will” nature of employment:

This policy is not intended to restrict or interfere with the company’s right to terminate or suspend employment in accordance with the terms of written employment contracts, or on an “at will” basis, without cause and without notice.

Employee’s Disclaimer of Reliance.

In addition, each new employee was required to expressly disclaim any reliance upon any kind of employment contract that was not expressly signed as an employment agreement. In that case, each employee signed a separate Employee Acknowledgement Statement at approximately the time of hiring, which stated:

I am aware that the policies and procedures contained in the Policy Manual do not constitute a contract of employment. The Company does not guarantee anyone employment for any specific duration or for any specific hours per week. I understand that employment with this company is on an at-will basis for an indefinite period unless terminated at any time by myself or by the company, or unless altered by a written employment agreement between myself and the Company which is signed by the President of the Company or an authorized officer of the Company. I understand that employees hired by this company may voluntarily leave employment and may be terminated by the employer, at any time and for any reason.

HR Outsourcing: Impact of Employee Manuals.

Generally, employment manuals are critical documents for the protection of the employer from claims of abuse by the employee. As seen in this case, a well-drafted combination of policy manual and Employee Acknowledgement Statement at the time of employment was sufficient to defend against a claim of wrongful termination by an employee who was terminated at will.

Thus, under the New York Court of Appeals rules, an express disclaimer of contractual rights in an employee manual bars an action by the employee for breach of contract based upon the terms of the manual. Barthelps Lobosco v. New York Tel. Co. / NYNEX, 96 N.Y.2d 312, 317 (N.Y. 2001). However, if a personnel manual states that employees may only be terminated for cause, such a provision supports a breach of contract claim if the employee detrimentally relied upon that limitation when accepting employment.

Slander.

Slander and libel are forms of common law defamation.

Definition of Slander.

To establish a claim for slander under New York law, a plaintiff must allege four conditions:

(1) A false and defamatory statement of fact;

(2) of or concerning the claimant;

(3) the publication of such statement to a third party; and

(4) injury to the claimant as a result. Scholastic, Inc. v. Stouffer, 124 F.Supp.2d 836, 849 (S.D.N.Y. 2000).

The injury element is presumed when “the defamatory statement takes the form of slander per se,” which may include statements that tend to injure the plaintiff in his or her trade, business or profession. Albert v. Loksen, 239 F.3d 256, 271 (2d Cir.).

In disclosing the termination of an employee, New York law makes a qualified privilege available to a defendant when “a communication is made by a person with an interest or duty to make the communication and sent to a person with a corresponding interest or duty.” Weldy v. Piedmont Airlines, Inc., 985 F.2d 57, 61, 62-63 (2d Cir. 1993). Further, a claimant (such as an employee) may rebut the defendant’s assertion of a qualified privilege by proving that a defendant (such as an employer) made the statement knowing that it was false or with reckless disregard as to its truth. Weldy, 985 F.2d at 62 (stating that

“[a] plaintiff may demonstrate abuse of the privilege by proving that the defendant acted (1) with common law malice, or (2) outside the scope of the privilege, or (3) with knowledge that the statement was false or with a reckless disregard as to its truth”).

Impact of Slander Principles on HR Outsourcing.

The significance of such employment law requirements for HR outsourcing is clear.

Employers, and HR outsourcing service companies that engage in actions that would give rise to the liability of the employer if they had been done by the employer, can be protected by compliance procedures. The HR service provider therefore should be fully familiar with the legal requirements for avoidance of liability in connection with the employment transactions that it manages or administers.

At the same time, because the employer is directly liable for such errors, the employer should maintain, as part of its retained team, compliance process managers familiar with applicable conditions.

The HR Outsourcing Contract.

The employer and HR outsourcing services provider must come to prior agreement that anticipates such litigation situations. The HRO agreement should alleviate risks relating to the liability of the parties arising out of the different threads of the employment relationship.

Business Intelligence and Industrial Espionage in Outsourcing

October 9, 2009 by

Boeing Loses $1 Billion in Transactions as Punishment, Escapes Debarment

Summary.

“Business intelligence” refers to the practice of collecting and analyzing competitive information in the marketplace to assist an enterprise in self analysis and redirection of its resources to maintain and improve competitiveness.  “Industrial espionage” refers to the clandestine methods of obtaining competitive information that is not publicly available.  As a legal matter, this distinction can have serious consequences. This case study offers some suggestions for staying on the right side of the law not only in business intelligence but also for internal audit controls and business ethics.

Boeing Punished.

In July 2003, the U.S. Air Force hit Boeing Company with the harshest punishment on any major U.S. military contractor in decades.  Boeing was found to have stolen thousands of pages of confidential technical documents of its archrival, Lockheed Martin Corp.  Boeing reportedly used such industrial secrets in submitting proposals to the Air Force in 1998 to provide satellite launching services.  As a result, the Air Force transferred to Lockheed the services of providing seven launches previously awarded to Boeing, and in addition awarded three more launches to Lockheed.

Boeing Escaped Debarment: “Too Big to Punish”?

Many commentators on the Boeing punishment have asserted that Boeing escaped debarment under the Federal Acquisition Regulations simply because it was too big to punish. The losses by other agencies would have been considerable.  Instead, the punishment related to the Boeing business segment that had allegedly violated the law, rather than to all other Boeing divisions.  This punishment reflects the difficulty of the Government’s use of the debarment process to protect Government interests when the supplier community is highly concentrated and consolidated.

The Economics of Business Intelligence.

Business intelligence serves a valid competitive purpose in the marketplace.  Gathering publicly available information:

  • sharpens the competition and increases opportunities for consumer and customer choice;
  • enables competitors to restructure their offerings of services and goods, often by restructuring key business processes for improved efficiency, reduced cost, better quality, a more attractive suite of services and goods and a broader appeal to a wider range of customers; and
  • improves the efficiency of markets, accelerating improvements in customer service and thereby improving the customer’s quality of life, integration of external services with in house services and other external services.

The Law of Business Intelligence.

The law of business intelligence is limited by common law and statutes that protect proprietary rights, privacy rights and intellectual property.

Debarment under the Federal Acquisition Regulations.

Causes of Debarment.
Debarment can occur based on conviction, violation of law or a serious or compelling cause. Debarment is a remedy available to the U.S. Federal Government under the Federal Acquisition Regulations.  The purpose is to exclude “ineligible” contractors from new bidding.

Violations. The debarring official may debar a contractor for a conviction of or civil judgment for:

(1) Commission of fraud or a criminal offense in connection with-

(i) Obtaining;

(ii) Attempting to obtain; or

(iii) Performing a public contract or subcontract.

(2) Violation of Federal or State antitrust statutes relating to the submission of offers;

(3) Commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, tax evasion, or receiving stolen property;

(4) Intentionally affixing a label bearing a “Made in America” inscription (or any inscription having the same meaning) to a product sold in or shipped to the United States or its outlying areas, when the product was not made in the United States or its outlying areas (see Section 202 of the Defense Production Act (Public Law 102-558)); or

(5) Commission of any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a Government contractor or subcontractor.

Nonperformance; Violations of Public Policy.
In addition, a debarring officer may debar a contractor, based upon a preponderance of the evidence, for:

(i) Violation of the terms of a Government contract or subcontract so serious as to justify debarment, such as-

(A) Willful failure to perform in accordance with the terms of one or more contracts; or

(B) A history of failure to perform, or of unsatisfactory performance of, one or more contracts.

(ii) Violations of the Drug-Free Workplace Act of 1988 (Pub. L. 100-690).

(iii) Intentionally affixing a label bearing a “Made in America” inscription (or any inscription having the same meaning) to a product sold in or shipped to the United States or its outlying areas, when the product was not made in the United States or its outlying areas (see Section 202 of the Defense Production Act (Public Law 102-558)).

(iv) Commission of an unfair trade practice as defined in 9.403 (see Section 201 of the Defense Production Act (Pub. L. 102-558)).

Violation of Immigration Laws.
Additionally, debarment is available as a remedy against a contractor, based on a determination by the Attorney General of the United States, or designee, that the contractor is not in compliance with Immigration and Nationality Act employment provisions (see Executive Order 12989). The Attorney General’s determination is not reviewable in the debarment proceedings.

Lack of Present Responsibility.
Finally, debarment may be imposed against a contractor or subcontractor based on any other cause of so serious or compelling a nature that it affects the present responsibility of the contractor or subcontractor.  Such a determination is more subjective than other reasons, and may include abuse of confidential information through industrial espionage or as suggested below, failure to maintain internal accounting records and a history of unethical business conduct.

Consequences of Debarment.

Debarment prevents an entity from being an eligible bidder on new contracts but does not terminate existing contracts.   Contractors debarred, suspended or proposed for debarment are also excluded from conducting business with the Government as agents or representatives of other contractors, from acting as subcontractors and from acting as individual sureties.   Exceptionally, an agency head or a designee may determine that there is a compelling reason for contracting with the debarred supplier.    This exception leaves open the choice of sanctions for misconduct, and leaves the affected agencies free to decide to ignore the debarment for their own internal purposes. FAR 9.404.

Non-Procurement Common Rule.

Also, under the “non-procurement common rule,” debarred contractors may be ineligible for nonprocurement transactions such as grants, cooperation agreements, scholarships, fellowships, contracts of assistance, subsidies, insurance and other government benefits.

Existing Contracts Not Abrogated.

Notwithstanding the debarment, suspension, or proposed debarment of a contractor, federal agencies may continue contracts or subcontracts in existence at the time the contractor was debarred, suspended, or proposed for debarment unless the agency head or a designee directs otherwise.   In addition, Government agencies may continue to order goods or services under purchase orders against existing contracts, including indefinite delivery contracts, in the absence of a termination.    However, agencies may not renew or otherwise extend the duration of current contracts, or consent to subcontracts, with contractors debarred, suspended, or proposed for debarment, unless the agency head or a designee states, in writing, the compelling reasons for renewal or extension.

Business Judgment and Evaluation of Factors in the Decision to Debar.

Under the Federal Acquisition Regulations (Section 9-406(a)), before arriving at any debarment decision, the debarring official should consider a range of business judgment factors and assess the impact on the Government.  The list includes:

(1) Whether the contractor had effective standards of conduct and internal control systems in place at the time of the activity which constitutes cause for debarment or had adopted such procedures prior to any Government investigation of the activity cited as a cause for debarment.

(2) Whether the contractor brought the activity cited as a cause for debarment to the attention of the appropriate Government agency in a timely manner.

(3) Whether the contractor has fully investigated the circumstances surrounding the cause for debarment and, if so, made the result of the investigation available to the debarring official.

(4) Whether the contractor cooperated fully with Government agencies during the investigation and any court or administrative action.

(5) Whether the contractor has paid or has agreed to pay all criminal, civil, and administrative liability for the improper activity, including any investigative or administrative costs incurred by the Government, and has made or agreed to make full restitution.

(6) Whether the contractor has taken appropriate disciplinary action against the individuals responsible for the activity which constitutes cause for debarment.

(7) Whether the contractor has implemented or agreed to implement remedial measures, including any identified by the Government.

(8) Whether the contractor has instituted or agreed to institute new or revised review and control procedures and ethics training programs.

(9) Whether the contractor has had adequate time to eliminate the circumstances within the contractor’s organization that led to the cause for debarment.

(10) Whether the contractor’s management recognizes and understands the seriousness of the misconduct giving rise to the cause for debarment and has implemented programs to prevent recurrence.

Proposed Debarment of MCI WorldCom.

Debarment may also be asserted for lack of adherence to internal controls over accounting and reporting systems and business ethics.  This argument was asserted against MCI (formerly WorldCom) on July 31, 2003, subject to administrative determination.

The argument is based on the contractor not being “presently responsible” because, in this case, the contractor was alleged to have been previously involved in one of the biggest shareholder frauds in U.S. history and still suffered ten “material weaknesses” in the company’s internal controls.  According to the General Services Administration’s notification letter to MCI WorldCom asserting the proposed debarment, “A material weakness is a weakness found to be pervasive throughout an entire organization.  Each individual weakness is considered to be a significant control deficiency.  The acceptable standard is for a company to have no material weaknesses or, if one is found, for it to be promptly corrected.”

In MCI’s case, the GSA alleged that the company needed to implement “procedures and controls to review, monitor and maintain general ledger accounts. Implementing adequate controls on the general ledger is significant because that is where all of the company’s financial transactions are summarized for all of its accounts.”  MCI has promised to comply with Sarbanes-Oxley Act of 2003 by June 30, 2004, one year earlier than the statute requires.  MCI noted it is aware of the deficiencies and is cooperating with the GSA and investigating agencies.

What a Customer Should Know about an Outsourcer’s Key Personnel.

Concentration of Sellers in an Industry.
Ordinarily an enterprise customer should not have many concerns about the prior employment history of a major outsourcing services provider.   After all, the services provider’s business is to maintain the confidentiality of its customers’ confidential data.  Without the customer’s trust that its data will be protected, the customer will not engage in outsourcing.   If the outsourcing service provider is engaged in a tightly competitive environment with only a few competitors, the customer could become concerned that its confidential information might float around the industry and become known to multiple outsourcing service providers, particularly those who service the customer’s competitors.  Thus, the customer should be concerned about the normal employment and privacy protection policies, practices and enforcement methods that the external services provider has adopted.

Employment Practices.
Employment practices are probably the most frequently abused methods of collecting competitive information in an illegal or wrongful manner.   Hiring an experienced person from a key competitor has long been a method of gathering competitive information.   If the person was in a position of trust and confidence, having had access to key competitive policy, strategy and tactical information,  the newly hired employee is in a position to damage his or her former employer’s business.  Outsourcing customers may properly inquire about a proposed contractor’s hiring process.

To Bundle or Not to Bundle Goods and Services: NASA’s Desktop Contract

October 9, 2009 by

Some bundling of goods and services is intrinsic to all outsourcing.  The advantages of bundling to the service provider have been touted by Lou Gerstner, who, while Chairman of IBM, observed that services are the “wrapper” in delivering goods and related services as a package.  This case study comments upon the practice of bundling.

NASA’s Bundled Desktops.

NASA’s Inspector General’s Office announced in late July 2003 that NASA has overpaid by an average of 24% for computer accessories and supplies purchased through a $1.3 billion 1998 desktop IT outsourcing deal with multiple vendors covering desktop, server and communications equipment and support services.  The overspending reportedly occurred on the “Outsourcing Desktop Initiative for NASA” (“ODIN”).  Under the program, participating service providers are required to maintain at each NASA site that they support an online catalog of supplemental computer supplies and accessories, such as keyboards, printer cartridges and PDAs.  The catalog purchases were at prices above market levels because they were bundled with related services.  The NASA Inspector General criticized the contract structure because of “unnecessary” product bundling with services (such as installation and maintenance support) and a failure to permit the customers to negotiate volume purchase discounts on products whose prices had fallen in the marketplace.

When is “Bundling” Necessary or Appropriate?

The NASA Inspector General’s report raises the issue of unbundling in long-term services contracts.  The report highlights how a long-term outsourcing transaction that bundles goods and services is susceptible to criticism for market-driven elements for pricing of underlying products, where the service provider has committed to deliver installation and maintenance as “necessary” corollaries to ensure compliance with dependent service levels.

Necessary to Minimize Price. Bundling may be unnecessary if it inhibits the outsourcing customer from gaining access to the marketplace for underlying technology products that can be obtained in the marketplace. However, market access may need to be balanced against other considerations, such as the degree of retained control over the infrastructures that deliver the outsourced services.

Necessary to Ensure Service Levels. If the service provider is solely responsible for service levels that depend on the quality or condition of underlying technology platforms, the service provider may reasonably insist upon the right to ensure that such platforms are properly maintained.  Accordingly, the bundling of goods and services is usually tied to the SLA.  If the customer wishes to perform services within the scope of the outsourcing, such as purchasing software or computers, and installing them by the use of in-house personnel, the service provider may reasonably request exculpation from a failure in the service levels.  The essential business issue is whether the service provider must show that the customer’s failure caused the SLA breach.

The Balance.

In conclusion, bundling may be aggregated in some cases. A properly crafted agreement can provide both flexibility and control for the customer, without unnecessarily jeopardizing the service provider’s ability to deliver agreed service levels.

Outsourcing: Evolution From Single Supplier to Best of Breed

October 9, 2009 by

In a globalizing, services-based economy, outsourcing has rapidly grown in the last decade. Once confined to “low-value,” low-technology services such as a company’s in-house photocopy machines, messengers, food services and janitorial operations, outsourcing has moved “up the value chain.” At the same time, changes in the nature of outsourcing have led to a variety of other management tools such as multiple outsourcings for “best of breed,” greater internal discipline through “insourcing” under a “managed scorecard” and “shared services” subsidiaries. Roles and identities of service users are merging with those of service providers in a continuum of services.

This article focuses on the evolution of outsourcing in the last ten years and how new models have developed.

“Outsourcing” vs. “Out-Tasking.”

Outsourcing is the process of transferring to an external services provider (the “outsourcer”) the day-to-day responsibility for operating a business process of the corporate enterprise (the “user”). Typically, this involves a transfer of the personnel then employed by the user to the outsourcer’s payroll. Frequently, other assets are transferred as well.

In contrast, “out-tasking” is a more limited approach involving “contracting out” or “subcontracting” a task to a “consultant” or other service provider. This can run the gamut from individual projects for product development to a string of projects that are interdependent and require a certain workflow.

Types of Outsourced Services Today.

Currently, external services providers offer virtually any type of ongoing support for business processes. These range from human resources management, tax compliance, internal audit and real estate asset management to product design, manufacture, testing, marketing, logistics and distribution of goods and services worldwide. Given the right mix, one can “outsource” an entire enterprise. Indeed, some new businesses are based exclusively on Internet sales with outsourced support.

Deciding When to Outsource.

Outsourcing is suitable for many different situations. For publicly held companies seeking “efficient” and favorable share pricing, the earnings multiples generated by many capital-intensive assets might fail to support management’s high targets for ROI and ROE from “core business.” For such businesses, outsourcing allows liberation of capital from the constraints of price-earnings ratios and promotes management focus on essential determinants of shareholder value. “Do the best, outsource the rest.”

For rapidly changing industries, outsourcing may be the tool of choice for obtaining rapid access to scalable production or to new technologies, a “partnership” with a recognized leader for transitional and long-term technology planning and marginal cost pricing for business processes requiring heavy capital investment.

In the context of mergers and acquisitions, divested companies need operational support from the day of a spin-off or split-off. Outsourced facilities can span the gap and give new management the necessary “breathing room” and allow focus on the core business. Outsourcing can also expedite integration of two merged companies with incompatible technical infrastructures.

Deciding What to Outsource.

In making any “buy” vs. “build” decision, as in outsourcing, financial considerations are critical. But the key driver is to distinguish between functions that are “core” (non-delegable) and those that are merely “essential.” Many “essential” functions are ripe for outsourcing under suitable conditions. For some enterprises, the “hard” decision is deciding what not to outsource.

The classic example of outsourcing revolves around information technology. Today, this field includes the converging technologies of data processing (especially using “enterprise resource planning” (ERP) and “supply-chain management” (SCM) software), telecommunications, Internet “e-commerce,” and remote processing through Internet service providers. In business and industry, this can involve both “back office” and “front office.” In financial services, it can even include the “middle office,” for compliance with financial reporting and securities laws.

At the “back office” level, this business function can be divided into a number of discrete elements. Customers rely upon, but rarely see:

  1. the operation of a data center with mainframe computers running “legacy” applications,
  2. certain applications development and maintenance for custom programs,
  3. network administration for local area networks, wide area networks (including telecommunications) and now even “storage area networks” of storage devices for the burgeoning volumes of archival data and
  4. “help desk” services for employees with problems using the company’s information technology infrastructures.

At the “front office” level interfacing directly with the customer, outsourcers can provide “private label” services that allow a company to offer a host of resources that it does not own. In doing so, the company can specify in advance what it wants to do, how it wants to do it, and what it is willing to pay. By combining such services as customer relationship management, remote electric meter reading, electronic billing and the like, some new companies can sprout up to compete directly with “bricks and mortar” companies on a cost-effective basis without loss of service quality.

Evolution of Deal Structures.

In the early 1990s, data services providers such as EDS, IBM, CSC and Perot Systems made their fortunes on long-term, monolithic packages of services covering a broad scope. The trend today is to find niche players to provide specialty services, but this requires significant supervisory and planning skills for the user enterprise. Sometimes one supplier acts as general contractor, or “first among equals,” and manages a consortium. Occasionally, joint ventures supplant the supplier-customer relationship, providing added incentives and risks for both sides. Current methodologies for competitive procurement of outsourcing services reflect the learning of former (or current) long-term deals. Renegotiation occurs regularly, but can only be effective if the necessary tools have been crafted into the deal in the first place.

Making It Work.

Senior management needs to be committed. After the deal is signed, in-house managers need to monitor and manage the supplier’s performance.

Done wrong, however, outsourcing can be a catastrophe. Multiple business risks are inherent in the outsourcing process.

If mismanaged, an outsourcing process could retard growth and result in unintended losses of momentum and key personnel. In such cases, the resulting disenchantment may swing the business process back to “insourcing.” However, “re-sourcing” to another vendor might prove more effective.

“Genetic Mutations” on Outsourcing: Shared Services, Insourcing, Managed Scorecard.

In the last five years, responses to outsourcing deals have generated the quest for “better” deal structures.

“Insourcing” is the process of bringing in-house a business function that was, or was at risk of, being transferred to an external service provider. “Shared services” subsidiaries provide common administrative functions for a group of affiliated companies.

To improve performance and forestall being outsourced, some in-house staffs are focusing on process improvement, sometimes agreeing to be managed as if they were external providers. In some cases, this reaction can produce self-management by “managed scorecard” techniques or in the establishment of “shared services” subsidiaries for cost efficiency. In either case, the “threatened” personnel then become external services providers of their own specialized, albeit generic, processes in the market.

The Independent Lawyer and the “Two Hat” Client.

Virtually every corporate user has the capacity to wear the two “hats” of “user” (in one outsourced business process) and supplier (in another). In major procurements, the assistance of knowledgeable “infrastructure services” lawyers can accelerate the process, reduce risk and facilitate future adjustments. For users-turned-suppliers, knowledgeable legal and business advisers can expedite the “go-to-market” strategy and achieve valuable payoffs in the selection, due diligence and negotiations phases.

Independent legal counsel with experience in both sides of these strategies can expedite and facilitate the process of determining the scope, selecting the outsourcer, negotiating the contract and ensuring implementation.

Sponsors of www.outsourcinglaw.com provide legal and practical business advice on the structuring and implementation of various strategies discussed in this article. For further information, contact one of our sponsors or Bill Bierce (author).

Replacing a Service Provider in Midstream: Case Study on Equifax Spin-off, Certegy’s Cancellation of EDS Contract and Hiring of IBM

October 9, 2009 by

Summary:

The termination of a long-term outsourcing contract in midstream, before the normal expiration, requires careful legal and business planning.  It may also require payment of a large termination fee.  In this case study, we analyze such a case involving the termination of an existing EDS contract and the transitioning to IBM as a new services provider.

Certegy’s Deal with EDS.

Certegy Inc. [NYSE: CEY]  is a publicly traded company that provides credit and debit processing, check risk management and check cashing services, and merchant credit processing services to over 6,000 financial institutions, 117,000 retailers and 100 million consumers worldwide.  Its 2002 revenue exceeded $1 billion.   It was formerly known as Equifax PS, Inc., a subsidiary of Equifax, Inc., which spun off its payment services businesses into what is now called Certegy, as of June 30, 2001.

Under the terms of an agreement apparently entered into before the spin-off, Certegy’s former parent (or Certegy) entered into an agreement with EDS for IT services that was scheduled to expire in 2009.   The agreement evidently provided for a termination fee if the customer wished to terminate for convenience.

The Spin-off
As part of the spin-off, Equifax, Inc. agreed to deliver Certegy certain information technology services.  But that agreement expressly disclaimed any commitment to deliver any contractual service levels.  Rather, Equifax agreed only to provide services in a commercially reasonable manner in accordance with any service levels specified on a particular exhibit. The indemnification provisions protected Equifax from claims by Certegy except in case of willful misconduct.  The spin-off company had no leverage.

The Fee for Termination for Convenience: Investor’s Perspective

As announced by Certegy on March 21, 2003, Certegy was to record a pre-tax provision of up to $10 million in the first quarter of 2003 for early exit costs associated with severing its existing services agreement with EDS.   Certegy’s Chairman, President and CEO, Lee Kennedy, reported that the termination fee was a good investment:

“IBM offers best-in-class computer operations support and has a proven track record with Certegy as a trustworthy business partner.  The early exit costs to be recognized in connection with terminating the EDS agreement represent an investment in our future that is projected to generate an internal rate of return of more than 20% over the next ten years.” [Emphasis added.]

Certegy did not announce how it might achieve that 20% internal rate of return or whether that rate applied to the $10 million termination fee or the projected $150 million to be paid to IBM over ten years.

By identifying a projected internal rate of return, Certegy may have begun a dialogue with its investors as to the structure of the deal and the rationale for the midstream change.  Materiality of disclosure might become an issue of the projected 20% IRR relating to the $150 million.

Certegy’s Deal with IBM.

In March 2003, Certegy announced a 10-year deal with IBM, with an estimated value of $150 million.

Essentially, Certegy’s focus on the IBM “on demand” services model must have represented a change in one or more essential elements of the scope, pricing, or service delivery methodology.   One may speculate that there were material differences between EDS’s and IBM’s deal structures, such as delivery platform, the territorial scope, the pricing structure of the services to be provided by EDS, a change in the actual volumes of services, a change in the bandwidth of upper and lower levels of baseline services volumes for pricing, or all of these circumstances.

Certegy had an existing relationship with IBM.  IBM was already providing IT services to Certegy’s United Kingdom and Australia operations.   The new deal reportedly “can provide” Certegy with “significant cost savings and future operational flexibility” through IBM’s “on-demand” technology services.

EDS’s Perspective.

EDS’s spokesman characterized this situation as not a “win” by IBM over EDS, but rather a decision by the customer to extend an existing relationship with IBM to additional territorial scope when EDS signed a deal with one of Certegy’s competitors.  The new deal allows Certegy to save money by standardizing on IBM as the sole provider across the world.  But the $10 million termination fee is probably not an adequate compensation for EDS’s lost profit over the approximately six years remaining in the unexpired term of the contract.

Best Practices.

Collaboration with a Competitor.
In its first Form 10-K filing with the Securities and Exchange Commission, Certegy identified EDS as one of its competitors: “The markets for card transaction processing and check risk management services are highly competitive. Our principal competitors include third-party credit and debit card processors, including First Data, TSYS, EDS, and Payment Systems for Credit Unions, third-party software providers, which license their card processing systems to financial institutions and third party processors.”  Certegy, Inc. Form 10-K, Fiscal Year ended December 31, 2001.

Termination for Conflict of Interest as a Termination for Convenience.
Customers normally do not get any right to terminate an outsourcing services contract merely because the service provider also provides services to a competitor of the customer or because the services provider is, or becomes, a competitor of the customer in any line of business.  As a general rule, no major service provider will agree to grant any exclusivity rights to its customers.  Exceptions do occur, and we would be pleased to consult on the types and circumstances of such exceptions.

Potential Conflicts of Interest as a Factor in Defining Scope.
Indeed, one challenge in identifying the proper scope of services to be outsourced lies in the risk that the outsourcing services provider could become a competitor of the customer’s prime business.  Certegy faced this challenge because its core business of credit and check processing approvals requires extensive investment in automation.   Similarly, large outsourcing service providers, such as EDS, IBM and CSC, enable such businesses as Certegy to piggyback on the outsourcer’s deep knowledge of the customer’s vertical industry and the outsourcer’s extensive ongoing investment in technology.

Consequently, the enterprise customer’s sole remedy is generally to ensure an exit strategy that defines conditions where the service provider might be considered to have a conflict of interest or special relationship with a competitor.  This issue merits careful attention and frank discussions in all phases of outsourcing, including scope definition, selection of the service provider and contracting.

Single Provider vs. Competing Providers.
In this situation, Certegy had adopted a strategy of having two providers of IT services.  One argument in favor of such a strategy might be that actual competition is better than the fictitious competition of the benchmarking process.  More likely, this situation probably evolved without such a “grand strategy.”

Hidden Costs to the New Company in a Spin-off:  The Vendor’s Renegotiation Dilemma.
An outsourcing service provider in EDS’ position must identify the potential for an unhappy customer  to terminate early an existing profitable long-term relationship.  In this case, EDS chose not to complain publicly about the loss in service volumes due to the Equifax spin-off of Certegy.  One may speculate that the spin-off disrupted the efficiency of a well-established EDS service delivery.  The relevant press releases are silent on the disruption of services and the strain on a previously negotiated pricing model that the spin-off caused to EDS.  If the contract were being negotiated from scratch today, spin-off transition changes might have been the subject of negotiations.

In theory, the costs of severing the EDS deal and transitioning to IBM could have been paid by Equifax prior to the spin-off.  But the availability of EDS services was probably viewed as a benefit, giving Certegy time to operate independently after the spin-off, at least for a time.

Impact of a Spin-off on Design of Outsourcing Contracts.

The termination of the EDS deal appears to reflect a number of changes in the customer’s management perspective.

First, EDS’s loss of 75% of its share value over a 12 month period before March 2003 certainly caught the customer’s attention.   This elicited concerns about EDS’s ability to deliver the services as contracted, but really only addresses EDS’s ability to make large acquisitions.

Second, before and shortly after the spin-off, the customer engaged in a program of acquisitions.  As a result, outsourcing with a single outsourcer might have become more effective than having multiple sources of services, and the pre-existing pricing structure and scope became rapidly outdated.

Third, the contracts probably did not contemplate how the two service providers might collaborate, if necessary.   There is no mention in the press reports of this issue.   The customer probably did not have a plan for this possibility, so the customer had little choice but to move from one vendor to another.

Document Mismanagement: When the Customer Miscommunicates a Court Order to the Document Managing Outsourcer

October 9, 2009 by

Summary.

For corporations that have outsourced any process of document storage or management, electronic discovery procedures in litigation can be a nightmare.  The lessons of multiple mistakes by both the enterprise customer and the service provider lead us to suggest some “best practices” in relation to litigation management and document management for inclusion in the policies and procedure manuals that accompany sophisticated outsourcing transactions.   Ambiguity and confusion will reign as the “supreme law of the land” if there is no clarity in relation to processing special requests by the enterprise customer for special preservation or management of electronically stored documents.

Background.

UnumProvident Corp. hired IBM to manage certain electronic records. In a subsequent lawsuit by an employee of UnumProvident, a New York court ordered UnumProvident that it and its “agents” “shall not alter, destroy, or permit the destruction of, or in any fashion change any ‘document’ in the actual or constructive care, custody or control of such person, wherever such document is physically located.”   The order provided for the preservation of  a variety of documents, including claims files, policy and procedure manuals, medical files and e-mails for a six-day period.

Miscommunication by Client to Outsourcer.

In reviewing whether UnumProvident had complied with the protective order, a New York trial court determined that UnumProvident had failed to give clear instructions to IBM to preserve the necessary documents.  The court identified a number of problems:

  • The UnumProvident litigator had discussed with the Court the extension of the expiration of the parameters for the backup tapes, but “UnumProvident did not explore that option with IBM in any meaningful way.”   UnumProvident failed to identify technological means of transferring documents from backup tapes having specified expiration dates to backup tapes (or a hard drive or other electronic media) without any expiration date.
  • Both the enterprise customer and the outsourcing service provider were criticized for not having the necessary understanding of the technical steps necessary to preserve the protected documents.  “Neither [the customer’s enterprise security architect nor the service provider’s Delivery Project Executive] had sufficient expertise to discuss the [document] preservation project in a meaningful way.  Neither of them took the steps that they needed to take to get sufficiently informed advice on the issues involved.”
  • UnumProvident failed to supervise the efforts of its enterprise security architect who had been delegated the task of preserving the electronic documents.  The UnumProvident enterprise security architect “was allowed to make critical decisions about how much and what email should be preserved pursuant to UnumProvident’s legal obligations.   In the end, [he] made his decision based on inaccurate information.  As a result, [one particular day’s] data was not preserved except to the extent that it still remained in an employee’s computer mailbox or had only been deleted within 14 days of the date of the snapshot.”

Outsourcer’s Errors in Compliance. IBM made only one mistake.  Once it realized the mistake, IBM quickly avoided further damage by excellent responsiveness.  The mistake was unintentional:

In creating the December snapshot [to preserve the records as requested by UnumProvident], IBM had unwittingly taken steps that caused the back-up tapes to re-enter the [rotating tape back-up] system prematurely, and as a result many [documents] already had been overwritten [when IBM did the first recovery test].

In this mistake, IBM “inadvertently reset the [rotating tape] settings so that the [rotating tape] retention protocols for the back-up tapes in off-site storage tapes so that the tapes expired before their scheduled time.”  As a result, the backup tapes were either recalled, reused and overwritten before they should have been, with a loss of data.   Neither UnumProvident nor IBM realized this had occurred, nor did they expect it.

After the failed restoration test, “IBM realized for the first time what had happened.  IBM immediately identified all server back-up tapes and preserved them.  It had already extended the [backup plan] expiration date protocol to 365 days as a result of its discussions” with the enterprise customer.

Thus, while IBM made a mistake, it appears that the loss was minimal or, at least, impossible to assess as of the time when the court rendered its decision.
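The failure mode described above, modeled as an added Python example (not part of the original article or the court record): a rotation check in which a legal hold overrides tape expiration, so that a retention reset cannot return protected tapes to the rotation. The tape labels, dates and retention values are constructed, and the `Tape` model and function names are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample values: a six-day preservation window and daily tapes.
HOLD_START = date(2024, 1, 3)
HOLD_END = date(2024, 1, 8)
TODAY = date(2024, 1, 20)


@dataclass
class Tape:
    label: str
    written: date            # day the backup on this tape was taken
    retention_days: int      # days before the tape may re-enter rotation
    legal_hold: bool = False

    def expires(self) -> date:
        return self.written + timedelta(days=self.retention_days)


def demo_tapes(retention_days: int = 30) -> list[Tape]:
    """Ten daily tapes, T01 (Jan 1) through T10 (Jan 10). Constructed data."""
    return [Tape(f"T{d:02d}", date(2024, 1, d), retention_days)
            for d in range(1, 11)]


def set_retention(tapes, retention_days):
    """Pool-wide retention change, the kind of reset that shortens tape life."""
    for t in tapes:
        t.retention_days = retention_days


def place_hold(tapes, start, end):
    """Flag every tape written inside the preservation window; return labels."""
    held = [t for t in tapes if start <= t.written <= end]
    for t in held:
        t.legal_hold = True
    return [t.label for t in held]


def recyclable(tapes, today):
    """Tapes the rotation may overwrite today: expired and not under hold."""
    return [t.label for t in tapes
            if not t.legal_hold and t.expires() <= today]


def hold_violations(tapes, start, end, today):
    """Tapes inside the window that the rotation would still overwrite today."""
    in_window = {t.label for t in tapes if start <= t.written <= end}
    return [label for label in recyclable(tapes, today) if label in in_window]


if __name__ == "__main__":
    tapes = demo_tapes()
    set_retention(tapes, 14)  # retention reset with no hold in place
    print("at risk without hold:",
          hold_violations(tapes, HOLD_START, HOLD_END, TODAY))
    place_hold(tapes, HOLD_START, HOLD_END)
    print("at risk with hold:   ",
          hold_violations(tapes, HOLD_START, HOLD_END, TODAY))
    print("still recyclable:    ", recyclable(tapes, TODAY))
```

Running a check like `hold_violations` before any retention change or tape recall turns "ask for compliance" into a result that can be verified and recorded.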

Losses.

As of the court’s decision in September 2003, it was not clear whether the plaintiff had been injured by reason of the loss of protected data.  Other backups were located.  Other methods of proof might have been available to prove the same information.  Accordingly, the case is instructive for what happened, not for the legal consequences.

Best Practices in Document Management.

This case highlights some simple truths about document management in outsourcing.

Tape Rotation Period.
It is a false savings for a company to have a short period for the rotation of its backup tapes.  For any enterprise that is the subject of litigation, a short rotation period will increase the risk of inadvertent loss of data due to expiration or overwriting of data under normal data preservation and destruction policies and procedures.

Trap for the Unwary: Why every contract (or related policy and procedure manual) should address data management.
When the loss of data violates a court order, the loss becomes willful and subjects the enterprise customer to unpredictable losses that might arise from being foreclosed from presenting evidence that might have been supported (or rebutted) by the lost data.

Service Providers Should Warn Customers about Litigation Issues.
In this situation, both the service provider’s delivery executive and the customer’s executive failed to understand the requirements of the court order protecting documents. This confusion could have been avoided by establishing a “role and responsibility” matrix on third party demands for access to documentation.

Customer’s Duty to Warn the Service Provider.
Ultimately, as a litigant, the customer enterprise is subject to the severe penalties under court rules that may arise out of a willful noncompliance with procedural rules on pre-trial discovery and disclosure of evidence to the opposing party.  The customer has the burden of insisting on clear procedures.   The customer should take the initiative to warn the service provider of the need to make due investigation and implement appropriate protections of the documents and data covered by a protective court order.

Litigator’s Duty to Identify Potential Compliance Risk.
If an attorney’s client becomes subject to a protective order, the attorney should probably investigate promptly who is the custodian of the protected information and find a solution for compliance.  In this situation, the attorney seems to have passed the task off to an in-house attorney, who passed it off to a systems administrator, and no one verified the immediate compliance.  IMMEDIATE COMPLIANCE is what is required by the court order, so all attorneys involved in such situations should take an interest in not merely asking for compliance, but verifying it.   Of course, this notion would convert the trial lawyer to a project manager, but that should be not too difficult in view of the availability of e-mails and scheduling technology, as well as disaster recovery procedures, to implement a mini-disaster recovery plan.

Service Provider’s Sales Pitch.
Outsourcing will no longer serve as a reliable and safe business for the customer if the service provider makes mistakes in anticipating and responding to specific protective orders.   In this case, the service provider was unaware of the problem of overwriting of backup tapes until protected data had already been lost.

Relationship of the Enterprise Customer’s Adversary with the Enterprise Customer’s Service Provider.
In this case, the protective court order was addressed to the defendants and their respective “officers, agents, servants, employees and attorneys.”   One may question whether the attorneys for the enterprise customer’s adversary failed to obtain identification of who was custodian of the protected data.   There had been plenty of time to do so, since the process of getting to agreement on what documents would be protected (and not just a fishing expedition for any documents whatsoever) had taken time and was supervised by the court.  One may ask whether the plaintiffs’ outside legal counsel was not negligent in failing to try to identify such custodians so that the custodians could be notified, or even subject to court order, before protected documents had been overwritten.

Reference:
Keir v. UnumProvident Corp., __ F.3d __, NYLJ Sept. 4, 2003, p. 23, cols. 4-6, p. 24, cols. 1-5 (S.D.N.Y. 2003), Judge Cote.

Document Retention, Document Management and Data Warehousing in Outsourcing

October 9, 2009 by

Business enterprises must comply with a multitude of laws and rules governing the retention of business records.  Destruction or loss of business records could cause serious loss to the enterprise and its trading partners.  Fines might be levied under regulatory audits.   Loss of documents supporting novelty, originality or date of reduction to practice might result in a loss of a business process patent.   In litigation, the enterprise might be unable to present evidence or rebut contradictory evidence.  Recognizing the need for electronic storage, legislatures and courts worldwide have adopted various “electronic signature” and “electronic documentation” statutes and rules allowing, as probative evidence, documents stored solely in electronic form, provided that certain notarial protections such as immutability (non-changeability), provenance and other customary factors for attesting to the origin and custody of the record are satisfied.  Records may also incriminate, so routine destruction of old records is advisable where no law or rule requires continued retention.

In response to such needs, service providers in logistics, storage, warehousing and data warehousing have developed an industry for the “life cycle management” of documents.  The life cycle includes document creation, gathering of related records, organization of directories and data bases under organizing principles, record storage, distribution, document retention, retrieval, accessibility, destruction and reporting and record keeping of the life cycle itself.  Such services involve different methods, cost structures and risks to the customer.

Recent jurisprudence establishes new rules governing “electronic discovery” under the Federal Rules of Civil Procedure.  The impact of such rules on document retention, document management and data warehousing in outsourcing should be clearly understood by both outsourcing customers and services providers.  Prudence dictates a number of “best practices” in records management in outsourcing.

Records Retention Policies and Procedures.

This article does not intend to list all laws that might require temporary or permanent document retention.  Rather, it is critical that each enterprise adopt policies and implement procedures for compliance with record keeping and record destruction requirements of law.

Right of Access to Records in Criminal Proceedings.

This article does not intend to discuss the right of the criminal defendant to obtain information, or the right of the prosecutor to obtain evidence through police investigations.  However, criminal negligence for corporate misdeeds is punishable under certain public statutes.  Accordingly, maintenance of “best practices” in records management could make a difference in outcomes for both the enterprise and its managers.

Right of Access to Records in Civil Dispute Resolution.

Right of Access to Records in Mediation.

Most business managers might agree to mediation if it is not onerous and does not involve detailed disclosures of business records.

Right of Access to Records in Arbitration.

In general, arbitrators have no mandate to compel adverse parties to engage in any disclosure or discovery phase for the identification of records that might have a relevance or probative value in dispute resolution.   The rules of arbitration of most common arbitral administration organizations generally do not require any such compulsory disclosure.

Right of Access to Records in Litigation.

Mandatory Discovery.
The U.S. Federal Rules of Civil Procedure 26 through 37 govern discovery in civil actions of any nature that may be adjudicated by U.S. federal courts.  These rules permit the giving of notice, formulation of legal and factual issues and revelation of facts through pre-trial procedures including depositions and discovery.    Rule 26(b)(1) defines very broadly the scope of mandatory disclosures by an adverse party in response to a request for discovery:

Parties may obtain discovery regarding any matter, not privileged, that is relevant to the claim or defense of any party, including the existence, description, nature, custody, condition, and location of any books, documents, or other tangible things and the identity and location of persons having knowledge of any discoverable matter.   For good cause, the court may order discovery of any matter relevant to the subject matter involved in the action.  Relevant information need not be admissible at trial if the discovery appears reasonably calculated to lead to the discovery of admissible evidence.

In general, confidential business information may be discoverable and subject to a protective order so that the requesting party does not publicize it.

Scope of Discovery Must be Proportional to the Benefit.
Rule 26(b)(2) imposes general limits on discovery under a “proportionality” test.  A federal court may limit the frequency or extent of use of “discovery” methods if the court determines:

  • the discovery sought is unreasonably cumulative or duplicative, or is obtainable from some other source that is more convenient, less burdensome or less expensive;
  • the party seeking discovery has had ample opportunity by discovery in the action to obtain the information sought; or
  • the burden or expense of the proposed discovery outweighs the likely benefit, taking into account the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the litigation, and the importance of the proposed discovery in resolving the issues.

Payment for Cost of Disclosing Records and Information.
Normally, the courts presume that the cost of researching and producing the requested records and information in the discovery process must be paid by the responding party.  However, under Rule 26(c), the court may shift the cost to the requesting party to avoid “undue burden or expense.”  Oppenheimer Funds, Inc. v. Sanders, 437 U.S. 340, 358 (1978).

Common Law Approach to Equitable Determination of Cost Allocation and Cost-Shifting for Discovery of Records, including Electronic Records.
Different courts have adopted different standards and tests for balancing the costs and likely benefits.  The most influential response to the problem of cost-shifting in the discovery of electronic records was the eight-factor list adopted by U.S. Magistrate Judge James C. Francis IV in Rowe Entertainment, Inc. v. William Morris Agency, Inc., 205 F.R.D. 421, 429 (S.D.N.Y. 2002).  More recently, District Judge Shira Scheindlin of the same district court adopted a different rule that tailors the Rowe Entertainment principles by adding one new factor and omitting two unnecessary factors.  Zubulake v. UBS Warburg LLC, __ F.3d __, NYLJ May 19, 2003, p. 37, cols. 1-6, p. 28, cols. 1-5 (S.D.N.Y. March 2003) (claim for alleged wrongful discharge due to claimed sex discrimination in employment).  The Zubulake court reasoned that the factors should be weighted and that they should not be predisposed, or “slanted,” as the Rowe Entertainment rules might be, in favor of shifting the costs of production from the responding party to the party requesting the electronic records.

The following table compares the two decisions:

| Rowe Entertainment Factors (without any order of importance or priority) | Zubulake Factors (in numbered order of importance and priority) |
|---|---|
| 1. The extent to which the request is specifically tailored to discover relevant information. | 1. The specificity of the discovery requests. |
| 2. The likelihood of discovering critical information. | |
| 3. The availability of such information from other sources. | 2. The availability of such information from other sources. |
| 4. The purposes for which the responding party maintains the requested data. | |
| 5. The relative benefits to the parties of obtaining the information. | 7. The relative benefits to the parties of obtaining the information. |
| 6. The total cost associated with production (a test of absolute cost without reference to the amount in dispute). | 3. The total cost of producing the requested information as compared to the amount in controversy (a test of proportionality of cost to the amount in dispute). |
| | 4. The total cost of producing the requested information as compared to the resources available to each party (a test of proportionality of financial resources). |
| 7. The relative ability of each party to control costs and its incentive to do so. | 5. The relative ability of each party to control costs and its incentive to do so. |
| 8. The resources available to each party. | [See factor #4 above.] |
| | 6. The importance of the issues at stake in the litigation. |

Types of Storage of Electronic Records.
Retention of documents in electronic form allows cheaper and faster access, with easier determination whether a document is protected from the discovery process by some form of evidentiary privilege (e.g., attorney-client communication, attorney work product, husband-wife spousal privilege, etc.).   Judge Scheindlin’s opinion in Zubulake toured the types of methods for record keeping, with reference to accessibility and ease of production.

Whether electronic data is accessible or inaccessible turns largely on the media in which it is stored. Five categories of data, listed in order from most accessible to least accessible, are described in the literature on electronic data storage:

1. Active, online data:
“Online storage is generally provided by magnetic disk. It is used in the very active stages of an electronic records [sic] life – when it is being created or received and processed, as well as when the access frequency is high and the required speed of access is very fast, i.e., milliseconds.” Examples of online data include hard drives.

2. Near-line data:
“This typically consists of a robotic storage device (robotic library) that houses removable media, uses robotic arms to access the media, and uses multiple read/write devices to store and retrieve records. Access speeds can range from as low as milliseconds if the media is already in a read device, up to 10-30 seconds for optical disk technology, and between 20-120 seconds for sequentially searched media, such as magnetic tape.” Examples include optical disks.

3. Offline storage/archives:
“This is removable optical disk or magnetic tape media, which can be labeled and stored in a shelf or rack. Off-line storage of electronic records is traditionally used for making disaster copies of records and also for records considered ‘archival’ in that their likelihood of retrieval is minimal. Accessibility to off-line media involves manual intervention and is much slower than on-line or near-line storage. Access speed may be minutes, hours, or even days, depending on the access-effectiveness of the storage facility.” The principled difference between nearline data and offline data is that offline data lacks “the coordinated control of an intelligent disk subsystem,” and is, in the lingo, JBOD (“Just a bunch of disks”).

4. Backup tapes:
“A device, like a tape recorder, that reads data from and writes it onto a tape. Tape drives have data capacities of anywhere from a few hundred kilobytes to several gigabytes. Their transfer speeds also vary considerably. The disadvantage of tape drives is that they are sequential-access devices, which means that to read any particular block of data, you need to read all the preceding blocks.” As a result, “[t]he data on a backup tape are not organized for retrieval of individual documents or files [because] ... the organization of the data mirrors the computer’s structure, not the human records management structure.” Backup tapes also typically employ some sort of data compression, permitting more data to be stored on each tape, but also making restoration more time-consuming and expensive, especially given the lack of uniform standard governing data compression.

5. Erased, fragmented or damaged data:
“When a file is first created and saved, it is laid down on the [storage media] in contiguous clusters. As files are erased, their clusters are made available again as free space. Eventually, some newly created files become larger than the remaining contiguous free space. These files are then broken up and randomly placed throughout the disk.” Such broken-up files are said to be “fragmented,” and along with damaged and erased data can only be accessed after significant processing.

Of these, the first three categories are typically identified as accessible, and the latter two as inaccessible. The difference between the two classes is easy to appreciate. Information deemed “accessible” is stored in a readily usable format. Although the time it takes to actually access the data ranges from milliseconds to days, the data does not need to be restored or otherwise manipulated to be usable. “Inaccessible” data, on the other hand, is not readily usable. Backup tapes must be restored using a process similar to that previously described, fragmented data must be de-fragmented, and erased data must be reconstructed, all before the data is usable. That makes such data inaccessible.  Zubulake v. UBS Warburg LLC, __ F.3d __, NYLJ May 19, 2003, at cols. 5-6 (S.D.N.Y. March 2003).

The Bottom Line: Who Should Pay for Producing Copies of “Accessible” Records and for “Inaccessible” Records.
In Zubulake, the court ordered the defendant, employer UBS Warburg LLC, to pay the cost of producing e-mails stored in active use or on archived optical disks.  The court remanded to a magistrate judge the allocation, in accordance with the Zubulake court’s seven-factor test, of the costs of producing e-mails stored on backup tapes.  Production of records from the backup tapes and from archived optical disks was estimated to cost $300,000.  In this case, the terminated employee had been earning $500,000 a year in compensation, and the employer was a major international investment bank.

In the final analysis, this raises issues for enterprises (and their records management service providers) in connection with litigation strategy.

Best Practices in Records Management in Outsourcing.

In the era of electronic signatures, electronic litigation discovery and mandatory reporting procedures for publicly traded companies, certain “best practices” are emerging.

Service Level Agreements and Standards of Care.

Records management services agreements have generally defined the service provider’s standard of care both in legal terms (degree of negligence) and in technological and business terms (specified business procedures whose inputs and outputs are objectively measurable as service level agreements).

Business Purposes and Risks in Rapid Accessibility to Business Records.
Enterprises might wish to think twice before storing all e-mails on easily accessible storage means, such as Storage Area Networks, network attached storage and other “online” or “near-online” technologies.  If the enterprise is defending against a claim of unfair employment termination, it might be advantageous not to spend the additional cost for the more rapid method of access.   However, if the enterprise is considering use of historical e-mails for development of a knowledge basis using semiotic, robotic knowledge generation tools, the shareholders will probably reap great economic benefit from the “online” and “near-online” technologies.

Service Level Agreements.
All documents are not created equal.  The customer’s records retention policy must be clear.  The customer may need the right to change the SLAs in response to newly mandated record keeping requirements, ranging from a longer statute of limitations to more detailed accounting reports under the Sarbanes-Oxley Act of 2002 (more related links at end of article).

International Records Management.
Records management generally should be maintained in the country where the records originate.   As enterprises globalize, internationalization of records management follows.   As a result, the peculiar legal issues relating to international business transactions should be identified and resolved as part of any international records management service contract.

Data Warehousing.
The phrase “data warehousing” describes the consolidation of disparate forms and types of data under “one roof,” that is, in a manner accessible from one program.  As digital information becomes more easily accessible to the data masters, so it may be more easily accessible to those, acting in litigation, seeking to obtain copies of that information.

Limitation on Liability.

An enterprise customer’s loss due to “poor” records management can come from any one of several sources, including:

  • loss of business records required to comply with contractual, statutory, regulatory or judicial obligations.
  • loss of goodwill.
  • fines and penalties from failure to maintain records, or to file official declarations and “returns” that are based on such records.
  • adverse evidentiary presumption in case of proven spoliation of evidence.
  • loss of rights in a trade secret.
  • loss of rights in a patent or patent application.
  • compulsory disclosure of business records that constitute an admission against interest in litigation.

Before agreeing to limitations on liability, the enterprise customer should consider each of these business risks and evaluate the likely impact on the enterprise.   Alternatively, the solution might lie in an enhanced SLA or more detailed statement of work.

Insurance and Other Risk Mitigation.

The enterprise and its corporate officers, directors and even shareholders may become directly or vicariously liable for the negligence or willful misconduct of its external service providers that provide records management services.    The corporate risk manager should review the company’s and the service providers’ insurance policies for errors and omissions, directors’ and officers’ liability insurance and coverages for valuable papers and business continuity.

Securities Law Compliance.

Record keeping is now a strict obligation under the U.S. federal and state securities laws.  The Sarbanes-Oxley Act of 2002 amended the federal securities laws to require that the CEO and the CFO certify that the financial reporting systems are adequate.    Service providers in the field of records management and document management should determine how much risk they are willing to assume in relation to liability arising out of:

  • erroneous document retention policies of the enterprise customer;
  • negligence or gross negligence by the records manager; and
  • faulty procedures in any transfer or storage of data, including commitments of complete redundancy, data mirroring and disaster recovery.

Periodic Inspections and Verifications.

Trust depends on continued reliability.  Audit and inspection are a normal part of the outsourcing processes.  In the field of records management, the preparations for the date change in the year 2000 launched a global business process of disaster recovery testing.  Normal records management should have periodic inspections and verifications to ensure the processes continue as promised and, more important, as may be required to comply with emerging applicable law.

Outsourcing as a Tool in Exiting a Failing Business: National Australia Bank’s Acquisition of Shares in Rival AMP Ltd.

October 9, 2009 by

Outsourcing can provide a unique benefit in preserving the value of a declining line of business.  Consider an industry where many major players are suffering operating losses, where “ill-timed” acquisitions have resulted in write-offs and loss of shareholder value, and where there are no buyers or where the assets impaired by recent losses cannot be sold for what has been the historical valuation.  In such cases, outsourcing offers to management the “breathing room” to maintain a customer base while waiting for either a recapture of the same outsourced business in a future up-market.  This principle applies to international as well as domestic markets.

We take a case study in the financial services industry in Australia and the United Kingdom as the backdrop for some “lessons learned” in the use of outsourcing as a tool for exiting, or preserving value, in a failing line of business. The case involves National Australia Bank and AMP Ltd. (formerly named Australia Mutual Provident).  The lessons apply to any business that has been challenged by recession or by failed overexpansion through failed acquisitions.

Background.

AMP Ltd. and National Australia Bank are both Australian financial services companies that entered into the UK life insurance market as part of a diversification strategy. They compete in Australasian banking and insurance  markets as their principal markets. Both concentrate on insurance and funds management services.  AMP has about A$235 billion in funds under management, compared to NAB’s A$65 billion, as of August 2003.  AMP’s crown jewel is its network of about 1,900 financial planners in Australia.

AMP and Its Demerger Strategy for Unlocking Shareholder Value in a Declining Market.

AMP, whose shares are owned by about 1 million Australians, experienced financial troubles and a steep decline in the price of its stock from 1999 to 2003. In response, in late 2002, the company adopted retrenchment measures, including closures of certain lines of business, a new board of directors, reductions in costs and in risks, and a demerger; it announced on May 1, 2003, that it would “demerge” its UK and Australasian businesses.  The demerger announcement asserted that each new entity would benefit by having distinctive strategies, customer bases and growth prospects, and would operate in simpler, more transparent structures.  As restructured, AMP Banking will focus on Australian markets for mortgages, retail deposits and retail financial planning services.

NAB and its Rolling Acquisition Strategy.

National Australia Bank operates in 15 countries and is one of the 50 largest banks in the world by revenue.  NAB made an informal offer in 1999 to purchase AMP for A$21 a share; the A$6 per share that it offered in August 2003 was less than one third of that.  On August 28, 2003, NAB announced that it was offering to acquire a small 5.4% stake in AMP for A$6.00 per share.  When NAB “waded in” to make an initial purchase, AMP was trading at A$5.40 per share.  While NAB’s 2003 share purchase did not involve a tender offer for control, it clearly put AMP’s shares “in play” for a potential tender offer, which would give NAB a dominant position in the Australian funds management industry.

Role of Outsourcing for Both Financial Institutions.

Outsourcing played a role in the business strategy of one of the two financial services institutions.  Both experienced hard times from one of the worst bear markets in UK history. Their strategies differed. AMP sought a split-off, or demerger, of the UK and Australasian lines of business.  NAB decided to continue in both markets as a distributor of third-party services, rather than as an integrated seller of life insurance.

Outsourcing by NAB.

NAB used outsourcing to drop losing lines of business without losing customer goodwill and without losing the opportunity to cross-sell customers using service products that it did not “own” or produce directly.  By outsourcing, NAB positioned itself to retain customers and, one may presume, the legal right, on expiration of the outsourcing agreement, to recapture the outsourced services or find another service provider.  After the outsourcings, NAB can now focus on distribution and customer relationship management.

Outsourcing of Life Insurance Underwriting.
Facing tough competition and an economic downturn in England, in early August 2003, NAB closed down its life insurance underwriting business in the United Kingdom and appointed Legal & General Group as its “alliance partner” to underwrite life insurance for retail customers of NAB’s three UK bank subsidiaries.  NAB’s announcements in the press did not specify any material details.  In a bid to persuade its retail customers that a brand name was better than an affiliated “house” name, NAB praised Legal & General’s status as a leading life insurance underwriter.  The Australian Financial Review called this an “outsourcing deal.”

Outsourcing of Insurance Administration Services.
NAB also formed an “alliance” with Junction, a part of the UK’s Budget Group of Companies, to provide product and administration services for its home and motor vehicle insurance operations.

Outsourcing by AMP.

AMP used outsourcing to drop its own losing lines of business, but only as a means of termination and liquidation of a dying business.

Insurance Business.
As part of its cost cutting, AMP discontinued its reinsurance and direct insurance businesses.  AMP hired another insurance services company, Cobalt, to “manage the runoff,” or claims processing for the eventual expiration of all pending policies written by such AMP lines of business.

Investment Operations Outsourcing Services.
AMP was apparently in such dire straits in 2002 that it had to sell off a crown jewel, its Cogent subsidiary in the UK, to BNP Paribas Securities Services.  For BNP Paribas, which had extensive operations in serving mutual funds and providing custodian banking, AMP’s sale was an opportunity to relaunch its position in the United Kingdom by expanding further into outsourced support for mutual funds and private equity funds.

Legal Issues in the Acquisition Strategy.

Use of an outsourcing strategy to reduce corporate capital investment in operations and accelerate an acquisition campaign poses legal hurdles. The “big payoff” will not be available if the acquisition violates antitrust or competition rules.  But the outsourcing strategy pays off anyway because it deals with an inherent problem instead of closing out a business.

Lessons for Corporate Strategists, Investment Bankers and Shareholders.

When a company hires an outsourcing services company, the engagement can signal an exit in the line of business.  In the case of AMP, it signaled a total exit for the closed lines of business.  For NAB, it signaled a chance to retain customer loyalty while shifting to Legal & General Group the business of managing a life insurance underwriting operation.

From a corporate strategist’s viewpoint, we think outsourcing (or some variation such as “strategic alliances” or subcontracting) can provide significant advantages in different types of markets. In this case, the markets had suffered significant declines in customer purchases.  The loss of gross revenues in 2001 opened opportunities for creative strategic responses using outsourcing techniques:

  • Outsourcing as a “Least-Worst” Alternative to Closing a Line of Business.
    Outsourcing can be a viable exit strategy for a line of business.  When a business is closed, its assets are lost.  By preserving the semblance of continued operations, the goodwill associated with the line of business can be preserved.   The goodwill can continue to generate shareholder value without permanent impairment. Even where the business is actually closed, hiring someone else to manage the “runoff” of expiring business obligations (in this case, life insurance policies) allows an immediate closeout of the business operations, thereby allowing management to focus on other business needs.
  • Outsourcing as a Tool for Cost Containment.
    Outsourcing can contain costs.  The extent and predictability of such cost containment depends on how the outsourcing is structured and managed by the enterprise customer.  In the case of NAB, the “strategic alliance” dramatically reduced the costs of the UK bank subsidiaries for valuable products.
  • Outsourcing as a Tool for Customer Retention Strategy.
    Outsourcing can increase customer retention for services and products that the enterprise cannot viably deliver at competitive prices or terms. By shifting from a proprietary service suite to an outsourced service suite, NAB’s UK bank subsidiaries can argue that they have improved the quality of service by a “strategic alliance” with a “best of breed” life insurer.  In the process, NAB retained the full line of service, so that customers will continue to view it as a “full-line” service provider in its field, financial services.  And NAB can be seen as a distribution company, retaining goodwill.
  • Outsourcing as a Tool for Risk Mitigation.
    Outsourcing can mitigate the risks of continuing a business in a highly challenged marketplace.
  • Outsourcing as a Tool for Nimbleness in Mergers and Acquisitions.
    Outsourcing can allow management the time to focus on strategic mergers and acquisitions.  In Australia, NAB had already offloaded the underwriting function to Legal & General Group and could easily integrate and expand that outsourcing to accommodate the AMP UK life insurance business as well, if NAB were to acquire or merge with AMP.  In doing so, NAB positioned itself either to swallow AMP as a “full fledged fish” with a poorly performing life insurance underwriting business, or to offer only to acquire the crown jewels of AMP, its financial management services business.
  • Outsourcing for Renewed Focus in a Down Market.
    As management guru Peter Drucker once said, companies have two purposes: to innovate and to market.  By outsourcing effectively to avoid loss of market share, NAB is able to focus on its core business and contemplate the possibility of acquiring its chief rival in Australia.  If it acquires AMP, NAB will reportedly have a 52% market share above that of its nearest rival, Commonwealth Bank, in the institutional investment funds management industry.
  • Failure to Outsource.
    In selling its Cogent subsidiary in 2002, AMP chose to sell a line of business rather than outsource it and keep the customer relationships.  One may second-guess this decision as a precursor to a financial and strategic restructuring of AMP.  In making “sell vs. outsource” decisions, management should consider both. If management has to raise cash to pay off debt, the “sell vs. outsource” decision becomes skewed towards a simple sale.

Legal Compliance in Outsourcing

October 9, 2009 by

When is the Service Provider Liable for its Customer’s Compliance with Laws, including Payment of Fines and Penalties for Non-Compliance?

When is the service provider liable for its customer’s compliance with laws, including payment of fines and penalties for non-compliance?   Most outsourcing agreements require each party to comply with applicable laws.  However, as business process outsourcing (“BPO”) services move up the value chain, legal compliance obligations can get somewhat tricky.  Consider the scenario where the service provider’s services substitute for the enterprise customer’s normal compliance with laws governing the enterprise customer’s operations.   If you are a candidate for public office, your consultant might just be liable for your compliance, fines and penalties.  If you stay out of politics, you can still learn about a critical BPO contracting issue that played out in a New York City election campaign.

Context: Compliance with Election Laws.

If you are a candidate for public office, your consultant might just be liable for your compliance, fines and penalties.  While laws vary, it is instructive to consider the liability of a political consultant.  The consultant’s client, a New York City political candidate, failed to timely respond to the Campaign Finance Board’s draft audit report and filed late four disclosure statements.  The consultant acknowledged its office failures.  It offered two excuses.  First, its failures were due to its own disorganization (and not its client’s).   Second, the candidate’s records were on a computer affected by a computer virus.  This is hardly a case involving the usual due diligence, site visits and other critical infrastructure offered by the usual “big ticket” outsourcing.  But the case illustrates what happens in case of “worst practices.”

Statutory Liability.

The particular statute imposes liability on “agents” as well as the political candidates.   Under the New York City Administrative Code, §3-711(1), an “agent” includes individuals and entities  who have undertaken the responsibility for campaign law compliance.

The Service Agreement.

The political consultant claimed that it had developed computerized systems designed to keep its clients’ political campaigns  in compliance with the campaign finance regulations.   The agreement provided that the service provider would complete all filings with the regulatory agency and explain to the candidate and monitor all rules and regulations applicable to the political campaign.

The Course of Dealing.

The political consultant actually performed as promised, at least to the degree sufficient to be designated as an “agent” liable under the regulations for compliance.   The candidate’s Candidate Certification listed the service provider as the mailing address for notices from the regulatory agency.   The service provider’s employee represented to the regulatory agency that she represented the committee for the candidate’s election with respect to compliance.  The candidate’s disclosure statements were generally delivered by hand by the service provider’s messenger.   The service provider’s contacts with the regulators outnumbered those of other representatives of the candidate’s election committee.

Implications for Enforcement of Other Types of Regulatory Legislation.
This decision represents an enforcement action by the governmental agency responsible for administering a regulatory law.  The regulators targeted enforcement action directly against the “BPO service provider” by reason of its contractual undertakings, its actions for compliance and its direct communications with the agency.  The same analysis might not apply to non-delegable compliance duties, such as those of the CEO and the CFO under the Sarbanes-Oxley Act of 2002.

Equitable Estoppel.

In this case, the court, without setting forth a theory of law, concluded that it would be inappropriate to allow a service provider to act as agent and not have the liability of an agent.

To allow any entity, that has agreed to fulfill the compliance requirements on behalf of a candidate to shoulder the blame for a candidate’s non-compliance, and then to allow that same entity to escape liability because it claims it is not an “agent” of the candidate, would not serve the purpose of the Campaign Finance Act.  To accept [the service provider’s] argument would defeat the policy behind the Campaign Finance Act.

As a result, the court found that it was not “arbitrary and capricious” to impose the candidate’s penalty on the consultant, and that such an imposition did not lack a rational basis.

Lessons Learned.

By assuring compliance with laws, the service provider agrees to guarantee the result.  Unlike a commitment to use “best efforts” or some other type of “efforts,” a BPO service provider’s guarantee of results implies an agreement to shoulder the fines and penalties imposed on the service provider’s customer by reason of any failure to comply.

Matter of The Advance Group v. New York City Campaign Finance Board, __ N.Y.S.__, NYLJ (Feb. 3, 2004), p. 18, cols. 3-4 (N.Y. Co. Sup. Ct. 2004), per Justice Shafer.