This article is jointly written by Abhyudaya Agarwal and Amartya Bag.
Functions which do not relate to the core competence of a business, are not cost-efficient if performed by the organization itself, or are labour intensive are typically outsourced to cheaper destinations or companies which perform them more cost-effectively. Outsourcing is especially common in the information technology sector and finance sector. For example, customer service, facility management and back-end processes are often entrusted to an outside vendor.
The advantages of specialization motivate the decision to outsource non-core areas of work, and technology has facilitated outsourcing even further. Note that outsourcing of non-core functions does not imply that the outsourced processes are not critical to the success of the business – it just implies that the business does not possess the core competence or that it will be too expensive (or impracticable) for the business to handle the functions on its own.
How are outsourcing arrangements undertaken? How are the relationships managed? What should a businessman who contemplates entering into an outsourcing transaction or a consultant or advisor who wants to help a client know about outsourcing relationships and contract?
In this article we will focus on how technology-related outsourcing arrangements work. Materials and insights on outsourcing agreements, and different strategic and legal issues faced while entering into such an arrangement is very scarce, and a businessman or his advisor will be able to develop extremely unique skillsets by understanding these issues.
Before getting into details, we will examine common business and contractual models of outsourcing:
1. Outsourcing Agreements for BPOs and KPOs
Outsourcing contracts, especially for Business Process Outsourcing (BPOs) and Knowledge Process Outsourcing (KPOs) can be extremely complex. There are a variety of contractual models that are used for outsourcing, depending on the objective of the clients, some of which are discussed below:
· Services Agreement
A vanilla services agreement will merely require a third party to perform a particular function for the customer – the agreement will specify service levels that are acceptable for the outsourced services (see the discussion on Service Level Agreements and Master Service Agreements in another part of this course for this purpose). The business may transfer certain IT assets (such as data centres, etc.) and employees through a secondment or similar arrangement to the outsourcing vendor for the duration of the agreement, but this is more common in a joint venture or a captive outsourcing model.
High value BPO or KPO outsourcing transactions could involve a joint venture or captive outsourcing structures.
- Joint venture
In another model, the customer and the service provider incorporate a separate legal entity (in the form of a joint venture), for providing necessary services. This entity is jointly owned by the customer and the service provider. Often, these feature a transfer of employees and IT assets of the customer. The outsourcing services provider is able to complement the transferred resources of the company with its own technical resources and employees.
A joint venture model could have several variations – for example, one customer could enter into a joint venture with multiple suppliers. This structure is adopted when one supplier is not adequately equipped to handle all the outsourcing needs of the customer alone. Hence, the customer may require multiple entities to come together and perform the desired services in a coordinated manner (in the form of a single joint venture) to meet its needs.
Alternately, multiple customers could incorporate a joint venture together to form an entity providing outsourced services to all of them. This enables pooling of resources and reduces costs for the customers. Sometimesthe seller may also provide services to other customers
- Captive outsourcing entity
In a captive outsourcing model, the customer (i.e. the entity which desires to outsource services) owns the entire capital of the service provider. The unit provides services to the customer on an exclusive basis. While some local professionals and employees may be hired, the service provider is entirely controlled by the customer.
2. Common heads in outsourcing agreements
An outsourcing contract is usually a long-term contract – hence, it must not only define the rights and liabilities of the parties, but will also take into account high-level issues like IPR, data protection, exit clauses, dispute resolution, transfer of assets and at the same time leave enough flexibility for parties to manage day-to-day issues.
This module discusses about certain key clauses that should be kept in mind while drafting or entering into an outsourcing agreement, especially in case of information technology related outsourcing.
Typically, outsourcing agreements include provisions on a variety of issues such as transfer of assets, staff, pricing and payment (see the discussion on remuneration-related provisions), intellectual property matters, and information security, monitoring provisions, service levels and credits for failure to meet service levels, termination, etc.
We will discuss these clauses in detail below:
Scope
This is the fundamental clause on which the success of the whole contract depends. Any kind of ambiguity or uncertainty in the clauses might lead to conflicts and confusion in the future. The clause should be drafted with utmost precision, having clarity and delineate the scope of services. In terms of content, the clause should define what services are expressly covered under the agreement, what service are expressly excluded, what service are dependent or responsibility of the third party. If it is not possible to describe the services to be offered by the vendor in the main agreement, they might be described in detail in a schedule which is annexed to the agreement. The clause should also expressly mention whether this agreement is an exclusive agreement with the service provider. Having clarity regarding the scope will also help in formulating the pricing, rights and liabilities of the parties in a better way to suit the nature of the contract.
Transfer of assets
In certain cases, the assets of the customer are transferred to the service provider – these could be hardware, telecom equipment, software licenses, equipment leases and equipment maintenance contracts. In such cases a separate ‘transfer agreement’ which captures transfer or assignment of these assets is executed between the parties.
Transfer of personnel
Where employees are transferred to the service provider, it must be ensured that the transfer is legally smooth and does not trigger any retrenchment-related or other law provisions which have a financial impact on the parties. To comply with this, the new employer must employ them on the same terms as they were originally working.
Ownership of IPR
Intellectual property involved in an outsourcing contract includes, patents in case of R&D based industry, software development or related to product design, trademark is case the agreement involves sale or marketing of customer’s products, or copyright if the agreement is related to graphics, creative works, software applications. The first priority would be to identify the existing IP to be used, and what type of IP might be produced during the existence of the contract by the vendor. In an outsourcing contract, there is possibility that a new IP is created, or it is improved or the existing IP is used by the parties. In such cases, it is essential that the ownership or the terms of use of that IP is specifically mentioned in the contract itself. In case of a pre-existing IP, generally the IP lies with party who created it, and a license to use pre-existing IP should contain appropriate field of use limitations and may be exclusive or non-exclusive, etc. In case of a newly created IP, it is essential to identify who will have ownership of the IP, and whether the vendor will have certain rights regarding its usage or will it be joint-ownership. In case of joint-ownership one should review the applicable laws of the country and its possible consequences.
Information security
With increasing level of information being shared in an outsourcing contract, which might include sensitive business information, personal information of the customer and might also involve data related to third parties. In case of a breach, both the customer and the vendor might face financial harm as well might result in harm to the goodwill of the company.
It is essential that the contract should specify the standard of care to be taken by the vendor in handling of the data, which might include provisions for physical security, signing of non-disclosure agreements with the employees and consultants of the vendor, internal security protocols and procedures compliance with industry-standards such as the ISO Standards on Data Security to minimise the risk of information security breach. Businesses operating in certain sectors are required to maintain higher levels of security and comply with additional regulations due to the kind of information they collect. In case the client is operating in such a sector, the client (or any agency to which it outsources the functions) may be required to comply with protocols under sectoral regulations.
Examples of such laws could be the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), the Fair Credit Reporting Act (FCRA) and the Children’s Online Privacy Protection Act (COPPA) in US or following of the Data Protection Directive of the European Economic Area (EEA), or the RBI’s Know Your Customer norms or SEBI regulations in India. See the study materials on data protection for more information around this clause.
The agreement should specifically define, personal information, confidential information, what constitutes material breach, which employees will have access to data.
The contract should also specify the obligations and remedies of both the parties in case such a breach happens. The contract should also specifically have provisions, to notify the customer in case of a breach and lay down procedures to mitigate the effects. Provisions related to indemnity in case of a breach can incorporated in the case clause or in a separate indemnity clause. It should also lay down who controls the defence and settle the claims in case of a breach or there should be an expressed permission needed from the customer for settlement of such claims. The customer should look for clauses which limit such claims in form of caps or consequential damages, or not covering third party liabilities. The customer may ask the vendor to take compulsory insurance to cover such risks. The vendor can negotiate clauses to contain caps or would not cover consequential damages. There should be a provision, which allows the customer to periodically audit the security protocols of the vendor.
Warranties and liabilities
An agreement always has the chance of facing some risks associated with transactions. The most obvious risks should be foreseen and their effect be addressed in the contract. No contract can be free of risks; however it is essential that risk is either shared, limited or pre-emptive steps taken. An IT outsourcing contract should contain provision related to warranties made, which includes maintaining performance, work standards, service levels, viruses or disabling devices compatibility clauses, providing correct financial condition, intellectual property infringement, maintaining security and data protection. An expressed condition can be incorporated making it mandatory for the vendor to pay in case of breach of service, for which the customer has suffered losses.
However, there can be provisions related to limitation of liabilities in form of a cap, or non-covering of consequential damages (like loss of profits), personal injury, property damage, third party contracts, acts & omissions by employees and by subcontractors, negligence, misconduct, employment and termination related issues, acts of nature, non-functioning of third party software. The customer may insist for a mandatory insurance policy to be taken by the vendor to protect against such loss. This will not only ensure that the customer gets paid for the damage, but the vendor is also protected against financial losses.
Term, termination and exit clauses
The term clause should specifically mention the term of the contract, conditions for extension of the contract and might provide for provision for mutual termination of the contract.
The termination clause should expressly lay down the events which might lead to termination of the service, by either party or one of the parties.
Generally an outsourcing contract is a long term contract, so arising of dispute is not uncommon. In case a dispute resolution fails, the contract may need to be terminated or even in case of completion of term of the contract, it is essential that the contract have properly drafted clauses which handle the exit in an efficient manner without much disruption to the service of the customer.
Generally, a termination or exit should be made in a staged manner, wherein part of the service is taken over by the customer itself, or handed over to another vendor in a phased manned over a period of time. This can be incorporated even in cases, where immediate notice of termination is given. It would not only benefit the customer but also the vendor, who can reallocate/restructure its resources in a better manner. Another concern that can be taken care through proper drafting, where the vendor has terminated the contract in case of a dispute related to payment, the clause may provide that the disputed amount be credited to a trust account for continuation of the services. The exit clause should also mention the minimum period of such transition service, quantum and nature of service to be provided during the exit period and the whether any payment to be made during this period. However, these would depend on the reason behind the termination.
The clause may have provisions related to buy back of IT assets and infrastructure, transfer of know-how and materials, transfer of third party contracts made by the vendor for running the service provided to the customer. The clause should specifically mention who would be responsible for remobilisation or relocation cost, termination fee.
Jurisdiction and dispute resolution clauses
In most cases, the clauses related to jurisdiction and dispute resolution are overlooked. If an outsourcing agreement involves parties in different jurisdictions it is essential to be clear about which courts have the decision to decide disputes and which law is applicable to the dispute. A tight alternative dispute resolution (ADR) clause can help in reducing litigation or settling the dispute without involving huge costs and within a short span of time – here, ADR does not necessarily refer to arbitration but could refer to mediation, expert determination and other mechanisms as well.
Under a jurisdiction clause, the parties may select the venue and the Court where the dispute can be resolved. While selecting such venues, it is better to be specific about the particular court, and not just the country (especially in case of a large country such as India). Jurisdiction clauses can be exclusive, i.e., the disputes can only be brought to the court agreed by the parties, or non-exclusive, where the parties specify are court but are free to select any other appropriate forum.
A governing law clause will not only decide on which country’s law is applicable, but also determines how the provisions of the agreement are to be interpreted, and the validity of exclusions or liability clauses.
Why is it important to include these rules? Very simple – the ability to enter into customized relationships gives the parties significant freedom to choose how to regulate their commercial conduct. In case there is no provision in the contract for dispute resolutions, conflict of law rules of the jurisdiction in which the action was brought (lex fori) will determine the governing law. As a general rule, the law where the service provider is based is applied – however, these rules are complex and vary depending on the jurisdiction and no party wants to indulge in a legal proceeding over which rules apply later on.
Generally such agreements also expressly exclude the UN Convention on Contracts for the International Sale of Goods 1980 (Vienna Sales Convention), which provides certain rules that are favourable to the customer on representations and warranties, anticipatory breach of contract, and other matters.
How does the service provider benefit? Remuneration-related provisions
Different types of remuneration mechanisms may be built into an outsourcing contract – the remuneration may be assessed on per transaction basis, or on the amount of resources that are dedicated to the outsourcing process by the service provider. Alternately, sometimes a profit-sharing method is used, if the performance of the outsourced process is extremely critical for the overall business of the customer. In a lot of cases the model which is ultimately implemented may depend on the needs of the business and the type of service provided by the service provider. A consultant or an advisor should know these models so that he may assist a client in negotiation or for ultimately helping the client complete the deal and enter into a relationship. A businessman can similarly use these insights similarly for his or her own business.
Pricing models are explained in more detail below:
i) fixed price – in this model a fixed amount may be paid to the service provider per year. For example, INR 20,00,000 per year for an outsourced technology platform, with a maximum cap of 10,000 users using it continuously at any given point of time. Many video-hosting services such as Vimeo work on this model.
ii) resource-based payments (based on resources, identified as the FTEs or Full Time Equivalents) – in this model, the compensation will in some way be linked to the headcount and amount of resources employed by the service provider to deliver the output service. Note that this model does not by itself take into account how efficiently or cost effectively resources are deployed.
For example, an organization may state that it needs to devote 3 persons and 3 fully loaded cabins (with office space and related infrastructure) to handle 10,000 customer support calls every month, for which it will charge INR 8,00,000. If expected calls are 100,000, the amount of resources, and cost incurred simply multiples by 10.
iii) transaction or volume-based model (e.g., price per transaction) – in this model, pricing will be on a per unit basis. For example, if there is
iv) cost-plus arrangements – in this model, the service provider may charge the cost incurred by it plus a certain markup over the resources deployed.
For example, if 10 persons are to be employed at INR 20,000 salary per month to perform the service, the service provider may charge INR 2,00,000 plus a markup of, say 15 percent, i.e. a total of INR 2,30,000 per month.
v) gain-sharing/ risk-sharing – this model actually involves sharing risks, and the possibility of profits if the business is doing successfully. Although this model is frequently discussed during negotiations, it is rarely finalized and implemented, as per industry experts. It is likely to be more often used when the process being outsourced is relates very closely to the overall success and performance of the organization.
For example, assume that an Indian supplier agrees to provide all necessary services (including a customized relationship management software and necessary call-centres with staff members) for handling customer support at a 10 percent revenue sharing model. The amount of revenues earned by the service provider will be directly related to the success of the business, thus ensuring maximum incentive for the service provider.
vi) combinations of the above.
For example, a fixed price model could be adopted with a monthly performance bonus in case there has been no lapse in the service levels agreed to.
Note that apart from determining compensation mechanisms, the method for measuring compensation should also be defined clearly. Outsourcing relationships tend to be long term and payments are made over a period of time, as opposed to, say, a share acquisition transaction where the consideration is most often paid at once. In this setup, cost structures are likely to change over time. Some costs may scale while others may not – for example, price of providing a particular technology is likely to decrease with time, while personnel costs may increase. Clients will want that the pricing mechanism stays competitive – therefore, parties tend to adopt a ‘benchmarking’ mechanism. The benchmarking mechanism is used to revisit prices periodically, and compute the remuneration mechanism on the basis of prices of other representative transactions in the market which are used as samples for comparison.
The clause should also mention the schedule for such payment, late payments (and any interest applicable on late payments), currency to be used, and responsibility of payment of taxes. However, it is essential that the customer decide on whether to go for a fixed price or a fluctuating one, which should be made based on taking into consideration the nature of service provided.
The provision can have an audit clause, wherein the customer can audit the bills and invoices on a periodical basis for effective transparency.
Performance-related incentives and penalties
In case of inadequate performance or failure to meet service levels, parties agree to a ‘credit’ system. Typically, parties identify critical service levels. The impact of failure to meet any individual service level metric or to meet all of them together are quantified – usually the financial impact is less than the price paid to the supplier.
For example, if the supplier is to be paid USD 100 per month to meet performance standards on 14 service levels (of which 10 are critical), failure to meet all ten may result in credits which have a monetary significance of, say, up to USD 30 – 40.
For superior performance (that consistently meets the service levels or meets milestones, parties could agree to:
a) Cash payments – these could be agreed in there is exceptional performance. For example, if all service levels have been exceeded for a year.
b) Credits – these can be ‘earned-back’ and hence offset the credits for shortfall in performance, or they can accumulate and be set-off against future failure.
c) Isolated failures could be forgiven.
Updated technology
While price and service levels are being measured and controlled, it is also important to ensure (at least where the outsourced service is technology-dependent, which is the case with the entire IT sector) that the technology that is used is periodically updated. For this purpose, a ‘technology refresh’ clause is typically implemented, which helps in keeping the customer’s service up to date. While it might be difficult to define what precisely amounts to the ‘latest technology’, such considerations can be negotiated at a later stage, keeping a window open for defining the term. It also ensures that the service provider will know that he is expected to provide updated technology and will accordingly be prepared for it.
At this stage, one must incorporate the provisions related to who will bear the expense of such upgradations.
Implementation and monitoring in outsourcing arrangements
Since an outsourcing agreement typically envisages a long-term relationship, managerial staff of the business availing the IT service will have several administrative responsibilities to ensure the implementation and working of the agreement. Businesses usually appoint ‘contract managers’ and entrust them the overall responsibility of ensuring that the vendor’s services are of acceptable quality – they may be required to measure the vendor’s service levels at periodic intervals, handle change requests and payments, communicate with senior representatives of the vendor to address any problems, etc. If the agreement has been drafted well, administration can be easier.
We will discuss some of the managerial and operational issues below:
a) Transition management
The handover process leads to the transfer of the outsourced function from the customer to the service provider. This is a critical and delicate phase of the outsourcing relationship – if something fails here, the relationship is likely to fail soon. Hence, outsourcing agreements require a transition management plan and strategy. If they are elaborate, transition procedures could be captured in a schedule or in a separate agreement.
b) Governance
A company may outsource tasks to multiple entities – its eventual output will depend on how well the tasks are individually performed and how they integrate with the company’s eventual task. In this regard, there is significant managerial and operational work around management of relationships with all collaborators, managing the entire project, keeping track of all changes that are introduced to the process and identifying any risks that emerge.
c) Performance and quality management
In an outsourcing agreement it is essential to have a quality management clause incorporated in the agreement. The levels of service expected should be quantified. Once the project is commenced, systems need to be created for reporting appropriate performance metrics. Assigning of quality management parameters or key performance indicators (KPI) can be decided on the basis of nature of service involved in the contract and the stage of the contract. Such parameters can be based on certain industry laid down standards or own formulations.
d) Personnel management issues unique to outsourcing industry
Personnel management issues are a critical part of any outsourcing relationship. We are briefly summarizing the issues faced below:
- In government undertakings and PSUs have faced unique personnel management issues – workers who are employed on contract basis have approached courts for regularisation, claiming that the contractual arrangement is a sham arrangement. Courts have accepted this argument in cases where employees have been working for several years and the arrangement appears to exist to merely deprive employees of social benefits (such as provident funds, employees’ state insurance, etc.).
- What about arrangements not to poach or solicit employees? On various occasions parties in different kinds of outsourcing relationships agree to a non-solicitation clause, stating that a party will not employ the other party’s employees. Courts in India do not typically uphold these clauses.
- The Shops and Establishment Act of the concerned state governs matters such as leave, employment, etc. In most states employment of women in an organization was prohibited at night, but state governments have amended the Shops and Establishment Act through respective state notifications – the IT and software industry is permitted to employ women subject to fulfilling certain conditions in the notification which relate to safety of women, such as providing requisite number of security guards, measures to protect women from sexual harassment, night transport, etc.
- The Industrial Employment (Standing Orders) Act contains several standardized provisions which are by law applicable to any employee in an industrial establishment. Although these provisions may have more justification for the manufacturing industry, they are often onerous for employers in the service sector and IT industry. The IT industry in Bangalore operated because Karnataka had exempted the Standing Orders Act from applying to the sector.
- IT businesses may be required to scale up or scale down at a relatively quick level, depending on immediate demand – often, they hire workers on contract basis. Note that the Industrial Disputes Act applies to entities in the IT industry irrespective of the number of employees. The act lays down certain conditions that must be followed at the time of dismissal of employees – it specifies the order of dismissal for employees, the notice period and manner of compensation. These are discussed in detail in the Annexure.
Offshoring in the financial sector
India has been a destination for outsourcing by foreign companies and multinationals for over a decade. Now, Indian companies have started outsourcing non-core operations of their business to other local (or even offshore) entities. How is outsourcing of functions by Indian companies to foreign offshore service providers governed?
Typically, such functions are administrative in nature, such as ensuring compliance with labour laws, data entry functions, telemarketing, HR services, pay-roll management, etc. In this regard, financial sector regulators have issued guidelines and regulations which permit banks and insurance companies to outsource various services to third parties, as long as they do not outsource their ‘core’ functions.[1] For example, banks cannot outsource functions such as internal audit, decision-making functions like according sanction for loans and management of investment portfolio, etc. Certain restrictions are also placed in outsourcing to offshore jurisdictions. The manner of outsourcing must be in accordance with directions issued by the regulators – for example, RBI requires banks to frame a policy which is approved by the Board of Directors of the Bank for outsourcing, and prescribes certain terms which must be included in any outsourcing arrangement entered by the bank.
This is an excerpt from the Advanced Certification in Information Technology and Social Media Laws offered by iPleaders and LawyersClubIndia. To know more about information technology law issues, including cloud computing agreements, EULAs, payment gateways, etc, online reputation management, IT and IP audits, and more. You may drop an email to [email protected] .
[1] RBI – Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by banks, available at http://rbidocs.rbi.org.in/rdocs/Notification/PDFs/73713.pdf (See amendment for off-shore outsourcing here http://rbidocs.rbi.org.in/rdocs/notification/PDFs/88930.pdf); Insurance Regulatory and Development Authority (IRDA) Guidelines on Outsourcing of Activities by insurance companies, available at
