Date post: | 23-Dec-2015 |
Category: |
Documents |
Upload: | alvin-clarke |
View: | 216 times |
Download: | 0 times |
© Copyright 2014 Saul Ewing LLP1
Outsourcing 2014: Negotiating Outsourced Contracts
Sarah (“Sally”) ChurchKevin A. WigginsEvan J. FosterSaul Ewing, LLPOne PPG Place, 30th FloorPittsburgh, PA 15222
© Copyright 2014 Saul Ewing LLP2
Why Outsource?• Concentrate on business’ core
competencies or mission• Take advantage of specialist
expertise, resources or best practices
• Reduce personnel, hardware, software or facilities investment
• Cost efficiencies due to provider economies of scale, leverage, global labor costs
© Copyright 2014 Saul Ewing LLP3
What to Outsource:Employee Benefit Contracts• Retirement Plans
Legal/Audits Trust/Custodial Services/Recordkeeping Investments and Consultants
• Health and Welfare Plans Legal/Audits Insurance Contracts/Administrative Services Business Associate Agreements Pharmacy Management Brokers/Consultants /Payroll (for ACA reporting)
© Copyright 2014 Saul Ewing LLP4
What to Outsource:IT, Recruiting and Business
Processes• IT
Help Desk Data center Desktop or onsite support Server or network operations
• Recruiting and staffing• Business Processes
Finance Customer call center Document processing
© Copyright 2014 Saul Ewing LLP5
Before Selecting a Service Provider
• Define goals and desired outcomes Cost savings, improved performance, flexibility?
• Identify legal requirements• Formal requirements gathering
Ideally, before selection discussions or RFP Separate musts haves from nice to haves Thorough requirements create efficiencies and
reduce risks• What type of relationship do you want?
Length of commitment, tactical vs. strategic, what is the future state?
© Copyright 2014 Saul Ewing LLP6
ERISA Legal Requirements• Duty of Prudence
Applies at initial engagement, ongoing (duty to monitor), and termination of engagement
• Prohibited Transactions ERISA requires fiduciaries to engage in a
prudent process to avoid prohibited transactions
Fiduciaries are generally not liable with prudent process, even if transaction turns out to be a prohibited transaction
© Copyright 2014 Saul Ewing LLP
ERISA Prudence in Selecting a Service
Provider• Engage in objective process
designed to elicit information necessary to assess: Qualifications and Quality of services
offered Reasonableness of fees
• DOL Advisory Opinion 2003-02A• Which outsourcing strategy better
documents a prudent process?7
© Copyright 2014 Saul Ewing LLP8
Outsourcing Strategies
• Sole Source Strategy• Competitive Strategy• Collaborative Strategy
© Copyright 2014 Saul Ewing LLP9
Sole SourceNegotiate with Only One Vendor
Advantages Disadvantages
• Builds on existing relationships
• Less market information
• Reduced costs • Less likely to find highest value
• Reduced processing time • Less of a fiduciary process
• May be required by CBA • Increased potential for self-dealing
© Copyright 2014 Saul Ewing LLP10
Competitive Strategy
• Negotiate with a broad range of vendors in an auction-like process
• Advantages More market information and
competition More likely to find highest value vendor More showing of a fiduciary process Reduced potential for self-dealing
© Copyright 2014 Saul Ewing LLP11
Competitive Strategy
• Disadvantages More time and costs
• RFI and RFP Adversarial process tends to reduce
trust May inhibit vendor’s response and
interaction during process
© Copyright 2014 Saul Ewing LLP12
Collaborative Strategy
• Negotiate with two (or a few) select vendors
• Engage in parallel negotiations with each vendor similar to sole source negotiations
• Advantages Less Adversarial More Trust More Responsive Vendors
• Disadvantages Less competition and market information
© Copyright 2014 Saul Ewing LLP
Contracting: Who should be involved in the
process?• Depending on the subject
matter, size and complexity, you might assemble a team of one or a team of many.
• Define roles and responsibilities to avoid “too many cooks in the kitchen” or worse, negotiating against yourself.
• Involve experts within the customer organization if the contract contains unfamiliar subject matter or sensitive issues (e.g., IS/IT, Risk Management, HR).
• Don’t assume that other constituencies within your organization know that you are entering into this contract.
© Copyright 2014 Saul Ewing LLP
What should be included in an outsourcing contract?
• The most important part of the contract may be the exhibits, schedules, or appendices - the devil is in the details!
• Vendor proposals, quotations, Statements of Work or policies often include “legal” terms slipped in. Don’t assume they don’t require legal review.
• Error on the side of over inclusion. If the vendor said it or provided it in writing, consider incorporating it into the agreement.
• Are there specific company policies that the vendor must adhere to?
© Copyright 2014 Saul Ewing LLP
Contracting Mechanics
• Process differs for different deals depending on team and negotiating dynamic.
• Establish who will have “document control” and be responsible for making changes.
• Use caution to avoid sharing internal comments with the other side (e.g. track changes/ metadata).
• Consider whether negotiations are best handled via phone calls, email and/or face to face meetings.
© Copyright 2014 Saul Ewing LLP
Contracting Mechanics: Before You Sign on the Dotted Line
• Review the final contract package to make sure it: includes all of the required
attachments, exhibits, schedules and appendices
clearly states what each party’s obligations are
lays out each party’s duty should something go wrong
provides the company with adequate protections should the other party breach the contract or if the company determines that it is unhappy with the services
© Copyright 2014 Saul Ewing LLP17
Form of Agreement
• Master Services Agreement or Master Information Services Agreement The legal terms and conditions
• Scope of Services Single most important element Clear and comprehensive If the vendor promises it, they should put it in
writing• “Don’t worry, we never do that.”
Identify whether services are provided as fiduciary or agent
• Exhibits and Schedules
© Copyright 2014 Saul Ewing LLP18
Master Service Agreements
• Detailed Statement of Work Reporting and Disclosure
• Vendor will provide all information in its possession that plan needs to comply with ERISA
• Including 408(b)(2) for Retirement Plans Before you sign the agreement
Fiduciary Duties (standard of care) Minimum Standards Other
© Copyright 2014 Saul Ewing LLP19
Master Service Agreements• Identify Correct Parties to
Agreement Employer Committee or other plan fiduciary Plan (Trustee)
• Parties Covered by Agreement Make sure all plans that should be
included are included
© Copyright 2014 Saul Ewing LLP20
Outsourcing Risks• Primal fears result from services,
software, content, data and environment being outside the customer’s control: management and oversight availability/uptime backups/disaster recovery data/network security data privacy what if vendor goes dark? what if there is a dispute?
© Copyright 2014 Saul Ewing LLP21
Standard Clauses:Term and Termination
• Term of Contract• Termination
Reasons Notice
• Distinguish expiration from termination Automatic renewal or expiration? Unilateral option to renew Termination for cause or convenience Required notice
© Copyright 2014 Saul Ewing LLP22
Standard Clauses:Termination
• Termination Post-termination services are critical to
outsourced arrangements Obligations should apply regardless of reason for
termination Return, destruction, or retention of data and
confidential information Transition activities and data migration Claim run outs Survival clauses
• Indemnification for fiduciary breach should survive for applicable SOL
© Copyright 2014 Saul Ewing LLP23
Standard Clauses:Intellectual Property
• Ownership of work product “Work made for hire” - must be in writing or
else author retains ownership Assignment - “work made for hire” is limited
• Service provider will want to retain ownership in its processes, knowledge and internal tools May need a license to all of these items for
transition to another vendor or to bring services in-house
© Copyright 2014 Saul Ewing LLP24
Standard Clauses:Representations and
Warranties Legal Compliance
• Most outsourcing includes some outsourcing of compliance functions
Service Warranties• Services will be performed in accordance
with contractual requirements (specifications, RFP, Scope of Work)
• Services be performed at a standard that is generally accepted in the profession (AICPA, ITIL)
© Copyright 2014 Saul Ewing LLP25
Standard Clauses:Confidentiality, security and
data privacy• Data privacy is a hot-button issue with U.S. and
EU lawmakers and regulators. HITECH expansion of HIPAA privacy rules 2009 FTC data breach notification rule for vendors of
personal health records & service providers Numerous state data breach notification laws Gramm-Leach-Bliley, FERPA, other statutes Industry regulation (e.g., Payment Card Industry (PCI)) Proposed changes to EU Data Protection Directive may
mean additional scrutiny • High profile breaches: Target, HomeDepot, JP
Morgan
© Copyright 2014 Saul Ewing LLP26
Standard Clauses:Confidentiality, security and
data privacy• Enhanced B2B scrutiny of data flows to
subcontractors and outsourcing providers.• If you are handling other people’s data, your data
protection/privacy obligations to those people need to flow through to data centers and outsourcing providers.
• Need to pay attention to vendor’s processes, not just physical systems.
• Need to align your privacy commitments, and vendor obligations, with actual behavior
• Individual security audit may be impractical
© Copyright 2014 Saul Ewing LLP27
Standard Clauses:Data backup and Storage Where is data stored? Who has access? Is data stored in a shared, virtualized “multi-tenant”
environment vs. dedicated physical servers? How often are backups made? onsite or offsite? Does
customer have the ability to make its own backup? Does the provider have a disaster recovery plan? Do
you? How does provider fit within your plan? How often is the full plan tested? How long will it take to get services or data back
online? May need special terms to localize data storage (“do
not store outside U.S. or Canada”)
© Copyright 2014 Saul Ewing LLP28
Standard Clauses:Audits
Permissible audits• 5500 Audits• Financial Audits
Date revenue sharing is credited• Compliance Audits• Other Audits• Certified compliance with published standards?
SSAE 16 and ISAE 3402 audits (replaced SAS 70 in June 2011.)
• Type 1 – auditor’s opinion on service organization’s description of controls in operation and suitability of the design
• Type 2 – auditor’s opinion on whether controls are actually operating effectively
ISO 27000, Open Web Application Security Project (OWASP), NIST, etc.
© Copyright 2014 Saul Ewing LLP29
Standard Clauses:Service Levels (SLAs)
• Help measure performance and improvement over services previously delivered internally
• Set baselines, targets for improvement and incentives to meet those targets
• Can be quantitative (uptime, time to complete transaction), financial (% savings) and qualitative (user surveys)
© Copyright 2014 Saul Ewing LLP30
Standard Clauses:Governance and Communication
Critical aspect of any Agreement - Outsourcing arrangements don’t run themselves
Mutual, escalating accountability Who has authority to authorize work,
make decisions, change services? What is the change management and
change control process?
© Copyright 2014 Saul Ewing LLP31
Standard Clauses:Limits on Liability
Unilateral or mutual Single or multiple caps Per claim, aggregate, per plan year, etc. Check for “hidden” limits
• Limits to E&O Insurance• Limits on Fiduciary Insurance
Ask to see policies
© Copyright 2014 Saul Ewing LLP32
Standard Clauses:Limits on Liability
Carve-outs• Indemnification• Breach of fiduciary duties• Gross negligence/willful misconduct• Cost to correct Hitech breaches
© Copyright 2014 Saul Ewing LLP33
Standard Clauses:Limits on Liability
No indirect, special, or consequential damages
Many vendors limit to fees paid• Limited to 3 X fees paid• Liability over term of contract limited to 3 X
fees paid during that term Watch for disclaimers and
indemnification of all HIPAA/HITECH liability• Some vendors directly liable
© Copyright 2014 Saul Ewing LLP34
Standard Clauses:Indemnification
• Indemnification Indemnify and hold harmless Defend and Pay
• Consider Scope Plan Participants Fiduciaries (Committee) Employer (directors, officers, employees,
etc.) Controlled Group
© Copyright 2014 Saul Ewing LLP35
Standard Clauses:Indemnification
• Third Party Claims Fraud, willful or intentional misconduct,
gross negligence, recklessness, negligence, breach of agreement• Materiality disclaimers
Running from vendor in favor of employer usually limited to failure to follow directions• Sweep clauses
Acts or failures to act
© Copyright 2014 Saul Ewing LLP36
Standard Clauses:Indemnification
• Indemnification for Third Party Claims Cross indemnification Timely notice of action Right to control action No settlement clause
© Copyright 2014 Saul Ewing LLP37
Standard Clauses:Dispute Resolution
• Arbitration/Mediation/ADR Not particularly unique to benefit plans Health plan claims cannot be arbitrated
per DOL Regs• Retain right to seek immediate
injunctive relief in court for critical issues
© Copyright 2014 Saul Ewing LLP38
Standard Clauses - Benefits
• Source of Fees Plan/Participants
• Fiduciary duties and prohibited transactions• Most ERISA risk• Vendors prefer credit risk of plan over sponsor
Investments (Revenue Sharing)• Dates for crediting revenue sharing • Who earns interest on revenue sharing• Medium ERISA risk
Employer• Lowest ERISA risk• Watch for plan listed as secondary payor
© Copyright 2014 Saul Ewing LLP
QUESTIONS?
39