Practical tips to mitigate risk when outsourcing | Fieldfisher
Skip to main content

Practical tips to mitigate risk when outsourcing


United Kingdom

As technological capability and complexity increases exponentially, more and more organisations are turning to third parties to help them manage and streamline their business operations. Whilst there are many well-documented upsides associated with outsourcing, it can also often constitute a material line item on the balance sheet of an organisation, and where a project goes wrong it has the potential to badly impact the operation of the business.

Despite the risks though, and perhaps buoyed by a desire to get ahead of the competition or to secure a particularly attractive "deal", companies often rush into these arrangements without taking the time to consider upfront how those risks can best be mitigated contractually.
Here, Nikhil Shah and Sam Jardine set out a few practical tips which organisations may find useful when embarking on their outsourcing journey:
  • Careful service definition: make sure you (and your legal team) know what you're outsourcing and what you hope to achieve. Are you looking for the supplier to carry on the status quo? Or improve it? Or transform it entirely? Be clear on the current service specification (it takes a fair while to describe a business process, and your lawyers can help you describe what you have, and what you need). Look out for hidden assumptions and dependencies. Consider future-proofing your contract at the outset – we all know how fast technology moves!
  • Payment structure: how are you paying for the services? Are payments milestone-based? If the supplier misses them, do you have a remedy (such as liquidated damages) in place? Do you want or need open book visibility on the supplier's costs? Do you want to regulate margin or operate a form of gain-share if margin growth exceeds the initial predictions in the financial model? If there is a management layer / service charge, what is this intended to cover?
  • Liability: this is an area where lawyers come into their own. What does 'consequential loss' mean? Spoiler alert: see the second limb of Hadley v Baxendale (1854). And does the phrase "All indirect and consequential loss is excluded, including loss of profit" mean that you might be able to recover direct loss of profit? And if it does (or doesn't), what does that even mean in practice? The courts are reluctant to interfere with a bargain made between businesses – so write in the contract exactly what you mean. And if you're really backed into a contractual corner, consider a clause exonerating you from liability to the extent that your liability only arises due to an act or omission of the supplier (you can weave in some protective drafting).
  • Term and termination: how long should the agreement last? Do you have a unilateral right to extend? How and when can the arrangement come to an end? Just fault-based, or can you exit early for convenience (sometimes called 'no-fault')? If so, expect the supplier to look to recover costs it had invested into the relationship and which it had been looking to recover over the lifetime of the contract. And make sure that the supplier is still obliged to carry on performing services during an exit, but expect to pay for that.
  • Intellectual Property and third parties: what IP is each party bringing to the agreement? Is third party IP or infrastructure involved – if so, how is that regulated (does the supplier arrange for this via sub-contracts, or are you required to enter into direct licensing or other agreements)? What about IP created during the agreement? Remember that silence on newly arising IP normally works in favour of the supplier, so if you are paying for new IP to be developed, and you want to own it, make sure that the contract expressly assigns it to you.
  • Regulatory environment: does your regulator require certain clauses in the contract? Some sectors, such as the financial services sector, are regulated heavily, and sometimes this means certain clauses must be included in their contracts – for example, the EBA guidelines on outsourcing arrangements and the PRA's Statement SS2/21 on outsourcing and third party risk management. Your own customers, if they operate in regulated sectors, may also look for you to flow protections down the supply chain (e.g. regarding information security).
  • Data: it is likely that the arrangement will involve the supplier processing data belonging to you or your customers, some of which may be personal data, to which complex legislation applies, such as GDPR and the Data Protection Act 2018. (Do check your contracts – we've seen 'new' draft contracts still referring to the out-of-date Data Protection Act 1998). Are you a 'controller' or a 'processor', or a hybrid? It'll all depend on what you do with the personal data, which a good 'data' lawyer (we have lots of them) will help you figure out.
  • Employees and pensions: does the transfer of the service or function involved affect staff dedicated to that function? Those staff may well transfer to the supplier under TUPE, whatever the contract might say. And what about pension arrangements for those staff? And don't forget that a prudent contract will consider not only TUPE and associated provisions at the start of the contract (entry) but also at the end (exit), whether that's back in-house or to a new supplier.
If you are embarking on an outsourcing journey and have any questions, please get in touch!

Sign up to our email digest

Click to subscribe or manage your email preferences.


Areas of Expertise

Technology and Data