How can we build more levers, resilience and flexibility into contracts to better cope with the unexpected? Jocelyn Paulley and Matt Harris share their experiences from dealing with the pandemic and its effects on IT agreements, and suggest how you can better prepare for other unexpected events in the future.
Transcript
Jocelyn Paulley: Hello and welcome to today's webinar. My name is Jocelyn Paulley. I am a partner in the IT and Data Team here at Gowling WLG and I am joined today by Matt Harris, a senior associate in my team.
Today's webinar is going to look at how we can help to plan and cater for unexpected events that might occur during the course of any kind of IT project. We have been looking at this obviously in the light of Covid-19 and lockdown and the effect that has had on the whole world in the last few months, but these themes are relevant for planning for any kind of unexpected event or disaster that might occur during the life of the contract. So we are going to look at how you can build mechanisms into your contract to give you flexibility, resilience and levers that you can pull to try to mitigate the effects where people or goods or both are unavailable or delayed due to whatever has been happening.
The things we are going to look at are: how do you start off, how can you plan, objective set and incentivise your supplier to perform in both the good times and the bad? Then we will consider some areas where you can create single points of failure within a contract, which is obviously something you want to avoid if you are trying to create resilience. We always have our force majeure clauses but we are going to look at some of the limitations of those clauses seeing how they have been stress tested during the recent pandemic. Then, how do you create a rapid response so when something does go wrong you have got all the things you need at your fingertips, ready to go, to put yourself in the best possible position to see the disaster through and recover. And finally, if the worst really does happen and you have to part ways with your supplier, what does an orderly exit look like and how can you plan for it.
Matt Harris: Great. So I am going to kick off by looking at how we can plan for projects and how we can drive the best performance from suppliers.
Our first piece of advice I think is to plan for events that you can foresee at the outset of the project. Careful planning goes into lots of projects and it seems a shame that that wasted by not including it within the contract because it can be of benefit for both the customer and the supplier. The benefit of including detailed plans is that, should an unexpected event occur, both the customer and supplier can take stock, pause and use the original plan to create solutions that enable both parties to move forward.
Let me give you an example. If you have a detailed project plan against which you mapped milestones and costs, should an extraordinary event intervene, it will be easy for the parties or certainly easier for them to look at the obligations that have been performed, those that are outstanding and there to see what sums are due and owing at the point of the extraordinary event. The theory here is that it should help to reduce the risk of dispute when the pressure is really on.
But, we cannot always foresee which events will occur. When contracts are drafted we tend to assume the world in which we operate now will be broadly the same for the duration of the agreement. I think it is fair to say that 2020 has somewhat shattered this assumption for most of us. It is impossible to predict the future or to create a contract that will cover every scenario that could possibly arise, but you can draft contracts that provide flexibility or fall back positions. Well, what might this look like when you could have mechanisms by which you could decrease the scope of your project or reduce committed volumes should an extraordinary event occur? There is likely to be an economic impact and you are going to need to pivot accordingly. Reducing scope and volumes can be a way for a customer to protect their economic position.
The best time to have these discussions is at the outset when the contract is drafted and negotiated. Negotiating an extraordinary event is extremely challenging and pressurised and will lead to uncertain outcomes no doubt. There is a tendency to think that suppliers will not want to engage in discussions around reducing volumes or scope during the negotiation process. And it is likely that pragmatic suppliers will take stock of the events of this year and see the value in retaining revenue in the mix of extraordinary circumstances rather than walking away with nothing.
So how do you get the best from your supplier through the contract? Well traditionally many organisations have used contractual terms to deter suppliers from underperformance, failure to perform, and it is true that deterrents are a good way to focus the mind of the supplier. We would certainly recommend that you consider the use of deterrents such as liquidated damages, termination rights or suspension rights. The argument is that to drive supplier performance there needs to be a balance between deterrent and incentive. In our experience, incentivising suppliers can yield very positive results. Whether or not a particular incentive mechanism will be appropriate will depend on the nature of the contract and the supplier in question but examples could be a gain share or peak performance indicators link to collaboration.
But good plans do not always work out and no matter how much a supplier wants to perform, the events beyond their control can prevent them from doing so. Therefore it seems important to structure your relationship with a contract in way that is going to avoid single points of failure. Joss is going to take you through some of the ways to deal with this issue.
Joss: So this is all about avoiding single points of failure within a contract. So we looked at our contracts and tried to think about where are those pinch points and how could you mitigate the effect of them occurring so that you have the coming together at a single point and if that person or place or supply is not available it is going to have a negative impact on the performance overall.
So first, key personnel. It is very common to see in all kinds of IT and services performance contracts individuals listed out because of particular skillsets that they have, and indeed that could have been your very reason for appointing a particular supplier in the first place to get access to that skillset. We are not suggesting that you build huge teams around these key personnel because that sounds like it could have a cost impact for a customer but thinking about ways that, if that individual was no longer available for some reason, they can share their knowledge within a team or as a customer you know what your plan B is as a back up to find someone else who has a similar skillset. There are some elements you could put in the contract such as knowledge handover and knowhow sharing being provided free of charge rather than at the customer's expense and it might be a case of having an alternative arrangement rather than looking to the particulars of why you have engaged.
Taking a step back from key personnel and looking at suppliers themselves, I have been talking to clients about amending their risk registers to look at a supplier and the monopoly position they might have in the market, just as you might look at their financial dealings to check that they are not going to become insolvent during the life of your contract. Understanding whether a particular supplier has a unique position because of a set of skills or goods it produces or element that it has access to, thinking about the elements in batteries, if that one supplier then was affected by some kind of event outside of its control or a disaster, what is your plan B for procuring that supply from an alternative source. You also need to look at the entire contracting chain, so not just the supplier that you have your contractual relationship with, but thinking particularly in an IT context about the whole stack of contracts and technologies that might make up a service, from the infrastructure to the hosting to the platforms, the application, and identify within that chain any of these single points of failure. It will put you in a much better position if something unexpected happens, you immediately understand your chain and be able to pre-empt how it might be affected.
Think also as well about the geographical aspect. In the recent context we have seen the entire globe being affected, but at different times and to different degrees. So again, if you understand in advance from where your supply chain is based, you can create your own risk strategies by deciding if you want more onshore or offshore or more geographically dispersed suppliers to provide your goods and services.
A slightly different point around supply contracts is where you have an exclusive relationship with a supplier. These can be very powerful arrangements and there can be huge benefits in terms of acquiring the unique skillset or something that singles out your supplier to the market that makes you more attractive by having an exclusive relationship with a particular supplier. But this comes with greater risks as well and it is very important to ensure you have built into the contract clauses and mechanisms and triggers so that where that supplier is not performing due to reasons outside of their control it is very clear that a customer can go and procure that service from elsewhere. Otherwise if those mechanisms are not there and the customer did that, they would be in breach of the contract.
I am also thinking about location and geography. For some services it is significant and they have to be provided from a particular location. That might be because you are maintaining and facilitating the running of servers in a particular place like a data centre. There is a good reason that personnel are on site. Enabling a remote link to that data centre to let people provide services when they are not physically at that site can be seen as a security risk because it is a link that does not need to be there. However, in the balance of providing the service at all versus providing it with a remote link has some security risk associated with it but that can be managed adequately, that would be a trade-off and a balance that you would need to look at in the context of something unexpected happening. It would give you greater flexibility, which is the aim here.
These though are mainly operational issues or even pre-contract issues or issues for a risk register, but as a customer procuring services or software you should be thinking about. But what about the actual clauses that we normally have in a contract such as force majeure which are designed by their nature to deal with unexpected events. However how helpful are they in reality?
Matt: We have seen a huge amount of commentary about force majeure clauses over the last few months. When the pandemic hit, companies were quickly dusting down their contracts to see what their rights were and checking to see whether the force majeure clause covered pandemics.
There are multiple factors which determine whether a party can rely on a force majeure clause such as, did the force majeure clause cover the extraordinary event in question which prevented performance? Was the party prevented from performing? Did the party take steps to mitigate the impact of the force majeure event? Now I think from that list it is self-evident that much of the ability of a party to rely on force majeure is incredibly context specific. Therefore, force majeure is not a magic bullet that will release a party from its obligations and the courts will always looks closely at context in events surrounding the force majeure event.
Now the effectiveness of this tool has to be closely looked at, and I have already said that there is a duty to mitigate. Companies will have taken steps which could help in future scenarios, so for example in the context of Covid-19, companies have invested huge amounts of money in remote working. It is arguable that the steps will affect the court's view in the future for example were the pandemic to hit in a couple of years' time and a company did not have the power of remote working arrangements in place, it is arguable and conceivable that a court may suggest that they should have done so and perhaps it was their duty to mitigate. Context will dictate the outcome but it is worth bearing in mind.
But how do you tackle delays caused by Covid-19? We are all aware of Covid-19, companies have had time to react and reliance of force majeure provisions at this point is going to be challenging. Companies entering into IT contracts now may wish to consider Covid-19 specific clauses which set out what should happen in the event of delay to the project. So for example, who has the responsibility to pay for delays? What should happen? How should the timeline be amended? And this is something which we have seen used in the construction industry already.
Now although I have talked in this slide about the limitations of force majeure we are certainly not suggesting that you should stop including it within your contracts. In light of this year's events you certainly need to make sure that the word 'pandemic' is referenced but also it is worth checking to ensure that there is a clear reference to actions taking by governmental bodies. After all, in the case of the pandemic organisations were typically not prevented from performing by Covid-19 itself but instead the restrictions put in place by the government to control the spread of the virus.
Now this has obviously been a challenging year and events occurred quickly so it is important that companies remain agile and Joss is going to talk through some steps that can be taken to correct the rapid response to the contract and the contracting process.
Joss: So if you want to able to respond quickly when the unexpected happens you can only do that if you have prepared for it and planned well in advance. And that is what good disaster recovery clauses will look like in a contract. It will say, there should be a plan, it should be tested regularly, it should be updated each year or when the services change so it always reflects reality. Those clauses might be there in the contract but unless customer and supplier have worked together to ensure that those tests have happened and both parties know what part they play in a disaster, it will not make dealing with it when disaster hits any easier. There is often some interesting interplay as well between a supplier's disaster recover scenario and plans and the customer's own and depending on the nature of the service or a cloud service that is being delivered, they may need special consideration in a contract. For example, a clause obliging a supplier to partake in the customer's own disaster recover tests and work with the customer to ensure that they all run and operate smoothly.
In an IT context, particularly with cloud services, disaster recovery is often a part of the service offering that a customer will be buying and can have a significant impact on charges. Clearly having a hot standby that is in a production environment and running in the same time as the live system, has a much bigger cost impact than a cold standby when there is merely capacity to be available if it is called for in the future.
Those points are often well rehearsed and understood by IT teams when they run their questionnaires with suppliers pre-contract and they actually have formed a significant part of the reason for selecting a particular supplier. It is not always the case though that those requirements make it through into the final contract, which is certainly something we would recommend so that there are contractual obligations around those important representations that suppliers made pre-contract. Including going as far as having service levels for recover time objectives so how long it takes systems to come back to life after a disaster and the recovery point objective, at what point data in systems will be backed up too to ensure that the customer knows how its systems will respond and what it can expect in a disaster and then plan accordingly. Data backups are clearly part of that planning. Cloud services will ensure live software and may recover their software but considering what happens to the data within that software is a separate discussion and more of a customer concern and a customer point to drive within those contracts.
So if you have been running your disaster recovery plans with your supplier, you clearly have good lines of communication open with them. It should be an important part of responding to any disaster and that should be built in to a robust governance structure within the contract and makes these clauses come to life and encourages collaboration and co-operation. The last thing you want when something unexpected happens is to reach for a contract in the hope that a notice clause tells you that you might need to talk to you own supplier. What you should be aiming for in those situations is really to operationalise the contract, to have brought it to life in practical do so lists and manuals so that teams know, in the event of a disaster, practical checklists that they can turn to rather than looking to a clause in the contract that might need lawyers to help interpret it and realising that the paperwork that they need does not actually exist at that point in time. One way we can help with that in a legal sense is by creating templates that set alongside the contract. So one of the options that Matt talked about earlier, where a customer might want to decrease scope or remove elements of services from scope, it can be quickly and easily called up rather than business first having to get hold of a legal contact to prepare those notices for them.
Smart contracts is another way that you might be able to help mitigate effects of people or systems not being available. This will obviously depend hugely on context and what your contract is. But if you make use of technology using sensors or blockchain to interpret real life events and then automatically make payments, send off notifications, that would help mitigate the effect of particular people not being around, make those payments or check those points in your contract delivery and service performance it. It alleviates some of the reliance of the human input.
Altogether communicating with a supplier here is one of the key points to ensure you have a plan together and understand how you work together in a disaster scenario so you are able to give that quick response. Ultimately though, whatever the turn of events has been, it might mean that you supplier is just not able to cope or not able to give you what you need in the timescale that you need it and you find you have the right to terminate. Matt is going to look at what an orderly termination looks like.
Matt: IT agreements can be a complicated and risky process, you might have to bring services back in-house or deal with a supplier that no longer has your custom and asking them to work with you to bring those services back in-house or move them to another third party. It is a cliché that in the run up to exit there is often too much to do and too little time to do it. So how do you avoid this time pressure? Well the best way to deal with an exit is to plan. I think we can all agree that a well planned exit is likely to be smoother, when the pressure is on people need to know what to do and when they have to do it. If typically the exit schedule is hidden away at the back of the contract and includes an obligation to provide an exit plan, some may say an after thought. However, the best time to plan an exit is at the outset of the agreement and it is important that you make sure that your supplier prepared the exit plan and that you validate this exit plan at the outset of the contract but that is not to say the planning should stop there.
As the contract evolves so should the exit plan, it should be a requirement in the contract for the supplier to update the plan at periodic intervals during the life of the contract. It can be overlooked so it is important that you make sure that your suppliers are constantly updating the plan. You do not want to get to the point of exit and find the plan does not refer or resemble the systems in place. Ultimately, in order to deploy the plan, the customer and supply teams need to understand their obligations prior to the point of exit and this follows the theme of the slides so far. Plan in advance and prepare your exit process, brief the teams and you can react more quickly but when it comes to exit, there are going to be other considerations and we have put two examples on the slide.
For example, data. Where it is sitting in an agreement there is likely going to be a migration or extraction of data, your team needs to be aware of what data is held by the third party or is being used by the third party so that the data can be moved effectively or deleted, and if TUPE applies planning is going to be essential to ensure that you comply with timetables as legislated by law.
Now we have talked a lot about the actual exit from the current supplier but if you are transitioning to a new supplier you are going to need resource in which to do that so you may be running an exit but also an on-boarding process at the same time and it is important that you have thought through the resource that you are going to need to ensure that the transition is smooth and your relationship with the supplier is productive from the outset and if you are transitioning to a new supplier it is likely that you have left your old supplier for a reason. Learning from past lessons can be the best way to move forward and it may be that some of those past issues can be actively built into and managed through the contract with your new supplier. Now obviously there is going to be an interaction between your outgoing supplier and your new supplier. You are probably going to need your outgoing supplier to share information which can be a sensitive subject because the outgoing supplier will be nervous about the sharing of information regarding their service and they will be keen to keep their confidential information and IP. To the greatest extent possible it is important that the exit in the contract clearly sets out those obligations with regards to sharing. It is certainly an area which could give rise to friction and dispute and also it is an area which should be addressed through the exit plan to make sure that the parties both understand what information is available and how it can be shared.
To sum up this and our thoughts on this issue, the best way to an agreed exit in an agreement is to plan and keep planning. Planning should start when the contract is negotiated and continue until the exit plan is deployed.
Joss: We hope that has given you some useful food for thought around issues to consider differently when you are entering into new contracts in the future, in light of what we have seen following Covid-19 and lockdown and the effect it has had on suppliers' services and goods. If you have any questions following this webinar, my details and Matt's are on the slide in front of you now so please do not hesitate to drop us a line and get in touch.
Thank you very much.
Read the original article on GowlingWLG.com
Originally published 08 July, 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
