In this LexisNexis webinar - Digital trading: trends and challenges in tech outsourcing, legal experts Alastair Mitton. Partner at Womble Bond Dickinson and Tom Porter, General Counsel - Global Digital and IT for Natura&Co (a family of brands including Natura, Aesop, The Body Shop, and AVON), discuss digital trading, focusing on the trends and challenges faced in technology outsourcing.
Starting with a discussion around exit planning, Alastair and Tom also talk about the process of entering into a new agreement and provide an overview of outcomes-focused contracts, gain/save share models, and the use of scaled agile in the context of large outsourcing agreements.
Lastly, they discuss current trends from a liability perspective. This practical and insightful webinar will help you navigate the next projects that come across your desk.
To watch the webinar in full for Alastair’s and Tom’s practical advice, click here (subscription only).
- Exit in practice
- Dynamic/agile contracting
- Outcomes focussed contracts
- Gain/save share
- Scaled agile
- Liability and insurance – what's ‘market’
Exit in practice
Alastair starts with the significance of keeping the exit in mind when working on contracts of this kind, and emphasises the need to build clarity around how exit will be dealt with. That's because many of the challenges lawyers face in practice in this context arise from the exit position inherited in a legacy arrangement. In addition, unless you are dealing with a first-generation outsourcing, you’ll nearly always have to deal with an exit of some kind while entering into a new agreement. Therefore, anything that can be done to make the process smoother from the outset is time well spent.
Alastair highlights the importance of having a well-crafted framework covering ongoing services and exit assistance, and how, unfortunately, the importance of certainty around continuity of service can sometimes be overlooked. As part of this, it’s also crucial to have precise guidelines around the transfer of contracts and assets back to the customer or a new service provider where relevant. Additionally, Alastair explains that there should naturally also be obligations in place for knowledge transfer and transparency regarding any costs associated with termination more generally.
In many cases, crucial aspects of the exit framework are left undocumented until after the agreement has been signed. Alastair discusses how it's then common for those aspects to go unfinished, and the opportunity to review them is often only utilised when it's too late, when exit is looming, and it becomes a matter of damage limitation. For example, it's fairly typical for the parties to leave a detailed plan to be agreed within a specific number of days after signing, but in retrospect, this frequently doesn't then happen. Alastair therefore advises using regular check-ins and potentially audits to review progress throughout the duration of a contract to identify and address these gaps as soon as they become apparent.
Another real difficultly that can arise is where there is insufficient clarity around key assets and what happens to them when the contract ends. For instance, whether we know what they are in the first place, and if a purchase option been included in the contract so they can be transferred at the end. This can become highly problematic to deal with if problems are discovered late in the day.
As a side note, Alastair flags that financial services and insurance firms have less flexibility than others in terms of what can be left until after signature in this regard, given the very specific regulatory requirements surrounding operational resilience, and how many of these aspects need to be addressed in detail and included in notification of the agreement to the regulator.
Tom adds that in his experience in the retail sector, exit is nearly always deferred until later due to competing priorities. Key items Tom flags are to secure agreement on what the supplier is required to provide the customer on exit, and the payment principles which will apply, i.e. whether the client is paying and what for. Another exit challenge that Tom notes is that the handover between legal and IT can often be disjointed, and so finding the right person within IT to manage this handover is crucial. It’s important to get your governance process confirmed and IT aware of its obligations early.
Tom concludes that if these protections haven't been built in, then it's certainly worth looking at putting in place an exit-related statement of work with the incumbent supplier which can then help to plug the gaps, especially if you’ve managed to maintain a positive relationship with the supplier up to that point.
Alastair discusses the concept of dynamic and agile contracting, specifically addressing the common issue of increasingly tight deadlines in IT projects. He advises that lawyers should utilise project management skills to proactively prevent legal complications caused by compressed timelines. Additionally, he emphasises the importance of building strong relationships at a senior level, awareness of the team and personalities, and establishing trust throughout the outsourcing process.
As more companies adopt agile methodologies or dynamic outsourcing, lawyers must have a holistic understanding of the business and be involved in the project management side of things too. This of course helps with the crucial role involved in actively managing expectations from the outset of a project.
Tom mentions how in-house lawyers are vital in dynamic/agile contracting, particularly in building and maintaining strong relationships with the senior leadership team and CIO. This is complemented by strong negotiation skills to ensure the value of the outsourcing agreement and that it reflects the (changing) commercial requirements of the organisations. Establishing trust is crucial in this regard. Tom agrees that project management is a key aspect of an in-house lawyer's responsibilities, and they must ensure that the final contract encompasses all commercial requirements of the business and manages these competing workstreams.
Given the all-encompassing nature of this task, working with external counsel is also often necessary to help when it comes to the actual drafting, version control and negotiations. This allows the in-house lawyer to focus on that project management role, with their understanding of the strategic and commercial outlook of the businesses, alongside internal relationship management.
Alastair and Tom discuss the increased prevalence of businesses seeking to develop contracts which are 'outcomes-focused' – in essence translating the business needs of both the company and its customers wherever possible to drive improved business results. For example, these could include measures focussed on customer experience, customer retention, revenue growth, and other outcomes related to the business' objectives in real life. Building this into an agreement therefore often involves using metrics that align with the company's goals and which are measured through the use of a balanced scorecard, which sits alongside the more traditional service level agreements.
Alastair comments that while this concept may sound promising in theory, it can be challenging to implement for a number of reasons. For example, whether the supplier really has control of a particular outcome if unexpected external challenges arise. In addition, it can be difficult to prioritise one business outcome over another, and Alastair agreed that taking a more creative approach in this area can be advantageous.
Another challenge discussed is that by using a scorecard methodology, its simplicity may not take into account other performance issues, despite meeting high-level targets. It’s therefore important to ensure that these performance elements are also tracked and included in service-level agreements to complement the broader outcomes.
Tom highlights the difficulty on the ground in ensuring the delivery of outcomes-focused contracts. As they are a new way of working, outcomes-focused contracts often then have to sit alongside legacy measurement and that a lot of businesses are not ready for purely outcomes-focused approach. Tom also highlights the need to have flexibility within outcomes-focused contracts, for example, an outcome having not been achieved by way of the supplier’s actions, but through another unrelated process or improvement or even coincidence. This flexibility poses its own issues as it can be an uncomfortable concept for suppliers, adding in another level of complications during negotiations.
Alastair and Tom go on to talk about gain and share save – a concept that often sits alongside outcomes-focused mechanisms in outsourcing contracts.
For example, where cost reduction is a major objective this can be reflected in a framework through which the supplier gets to share a portion of the savings it is able to deliver. That might typically be through the increased use of automation, AI tools etc.
That said, Tom adds that whilst gain/save share is a great concept, not many businesses know how to implement it and there’s a risk of businesses paying twice for the savings achieved when taking this approach, i.e. how do you distinguish between savings that have perhaps already been baked into a supplier's price at selection stage as compared to genuinely new savings delivered during the contract term. Additionally, the pace at which businesses change also poses a risk to this type of contract. Previously, objectives would be set for around two years and there is a clear direction, however, businesses are increasingly agile and likely to pivot, making it difficult to plan and to set out the parameters for gain/save share other than in the shorter turn.
The trend of implementing scaled agile in large outsourcing agreements is inherently also growing. Alastair discusses the concept of creating teams of teams or “agile release trains”, along with the key artefacts and ceremonies that lawyers should be aware of.
Alastair talks about the contractual challenges that lawyers in this domain often experience when faced with an agile approach – for example, there will likely be no specification to link more typical warranties to, informal decision making can create evidential challenges if things don't go to plan, and a building sense of commercial frustration can occur for the customer if the agile mechanism created doesn't contain sufficient quality controls where customers then feel they are being asked to pay twice for work that wasn’t delivered as it should have been in the first place and is then simply placed back into the product backlog.
To avoid some of these challenges, Alastair discusses the importance of clarity around the deliverables and processes, whilst maintaining the flexibility that teams require on the ground. Some of these recommendations are to clarify the pricing model, implement a reliable quality control mechanism, build in clear definitions of the process involved such as the duration of sprints, and when testing should happen as well as the key artefacts and ceremonies involved. Those can then be used to create protections like financial redress mechanisms for when issues do arise and quality falls below specified parameters, rather than mechanisms under which the customer just continues paying out until the work is done.
Tom explains that, from his perspective, agile contracts are becoming more common, even to the degree that the executive team are beginning to talk about them as a way of working. Whilst there is obviously the possibility of ‘cost creep’ and fewer traditional protections, the risks of agile are in practice also seen in more traditional waterfall arrangements fairly frequently. Therefore, the benefits of agile can often outweigh the risks, due to the flexibility it offers.
As a recurring theme, Tom and Alastair also reiterate how important it is to have the right people involved on the ground with a clear understanding of the agile methodology being followed, as that can often provide as much protection in practice as the contract itself.
Liability and insurance – what's ‘market’
Alastair and Tom wrap up their discussion on what they're currently seeing around the liability position in contracts of this kind.
While there are no hard and fast rules, it seems that the era of unlimited liability being accepted for certain types of loss is mostly behind us, especially in tech outsourcing. Lawyers here are often primarily concerned with information security, data breaches, and connected data protection liability issues. However, since the implementation of the GDPR and the significantly increased fines which came with it, we have seen a gradual move towards the use of 'super caps' to deal with this area, with numbers in the region of £50-100 million not being uncommon in fairly large outsourcing agreements in the private sector. That said, Alastair advises that lawyers must always carefully consider their goals when determining the level of caps to be agreed and be mindful that the types of liability calculator often seen in this area tend to produce such inflated numbers as to be of limited use as far as negotiations are concerned.
In parallel, Alastair mentions being mindful of the shift in the insurance market as customers look to specify a minimum amount of cover for cyber- and ransom-related liability as that has become increasingly hard to secure over recent years and incidents have increased. So it’s important to be aware of this when setting the requirements here as there will be limits around what is possible to achieve.
Tom agrees there are difficulties in finding the right balance within IT outsourcing contracts and trying to deliver this message internally, because of the huge risk that IT systems inherently pose to business outcomes when they don’t function. For example, in a retail environment a website going down for just one day could equate to a very large amount in lost revenue. However, to expect that to be covered under existing insurance or easily recoverable from a supplier isn't always realistic and so that can be a difficult conversation to have. Tom advises briefing teams internally as clearly as possible, getting high-level engagement early and ensuring that senior stakeholders fully understand the risk profile being negotiated so that everyone knows where they stand.
To watch the webinar in full, and to take a quiz on the subject matter, click here (subscription only).